Re: debian version 1.3.1 ?
On Wed, 8 Oct 1997, Bob wrote:
No, I don't think so, for the same reason issue and issue.net aren't
updated:
[0] 654 apocalypse ~ > dpkg -S issue
manpages: /usr/man/man5/issue.5.gz
base-files: /etc/issue.net
netstd: /usr/man/man5/issue.net.5.gz
base-files: /etc/issue
[0] 655 apocalypse ~ > dpkg -S debian_version
base-files: /etc/debian_version
[0] 656 apocalypse ~ >
> Thanks for the info. I never really thought in terms of security.
> Should the file /etc/debian_version show 1.3.1. Mine shows 1.3.
> I know this is a very minor point, I'm just curious.
>
> On Wed, 8 Oct 1997, Branden Robinson wrote:
>
> > On Wed, 8 Oct 1997, Bob wrote:
> >
> > > I recently add X to my debian box. My debian version still shows 1.3
> > >
> > > Shouldn't this now read 1.3.1??
> > >
> > > Bob
> >
> > I think it's a Debian policy not to "publicize" the patch level of the
> > version. (My /etc/issue, and /etc/issue.net files all report 1.3 as
> > well, and reported simply 1.1 and 1.2 when I ran those -- 0.93R6 didn't
> > have any patches).
> >
> > This is possibly because one of the few events that causes a patch to the
> > stable version is the discovery and patching of security holes. If someone
> > can easily determine from your machine what version you're running, he/she
> > may be able to make deductions about the security vulnerabilities of your
> > machine.
> >
> > On the other hand, it may just be because /etc/issue and /etc/issue.net are
> > contained in the base-files and netstd packages respectively, and to keep
> > up with patches, it would be necessary to re-release those two packages
> > every time. Come to think of it, that reason is more likely than the
> > security one (since real crackers would test your system for exploitability
> > regardless of what your issue files said).
--
G. Branden Robinson | There's nothing an agnostic can't do
Purdue University | if he doesn't know whether he believes
branden@purdue.edu | in it or not.
http://www.ecn.purdue.edu/~branden/ | -- Graham Chapman
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: