Re: debian version 1.3.1 ?

To: Bob <rmb@eclipse.net>
Cc: Debian user list <debian-user@lists.debian.org>
Subject: Re: debian version 1.3.1 ?
From: Branden Robinson <branden@apocalypse.sequitur.org>
Date: Wed, 8 Oct 1997 21:33:30 -0500 (EST)
Message-id: <[🔎] Pine.LNX.3.96.971008213235.18330A-100000@apocalypse.sequitur.org>
Reply-to: branden@purdue.edu
In-reply-to: <[🔎] Pine.LNX.3.96.971008222928.715A-100000@runner.eclipse.net>

On Wed, 8 Oct 1997, Bob wrote:

No, I don't think so, for the same reason issue and issue.net aren't
updated:

[0] 654 apocalypse ~ > dpkg -S issue
manpages: /usr/man/man5/issue.5.gz
base-files: /etc/issue.net
netstd: /usr/man/man5/issue.net.5.gz
base-files: /etc/issue
[0] 655 apocalypse ~ > dpkg -S debian_version
base-files: /etc/debian_version
[0] 656 apocalypse ~ > 

> Thanks for the info. I never really thought in terms of security.
> Should the file /etc/debian_version  show 1.3.1.  Mine shows 1.3.
> I know this is a very minor point, I'm just curious.
> 
> On Wed, 8 Oct 1997, Branden Robinson wrote:
> 
> > On Wed, 8 Oct 1997, Bob wrote:
> > 
> > > I recently add X to my debian box. My debian version still shows 1.3
> > > 
> > > Shouldn't this now read 1.3.1??
> > > 
> > > Bob
> > 
> > I think it's a Debian policy not to "publicize" the patch level of the
> > version.  (My /etc/issue, and /etc/issue.net files all report 1.3 as
> > well, and reported simply 1.1 and 1.2 when I ran those -- 0.93R6 didn't
> > have any patches).
> > 
> > This is possibly because one of the few events that causes a patch to the
> > stable version is the discovery and patching of security holes.  If someone
> > can easily determine from your machine what version you're running, he/she
> > may be able to make deductions about the security vulnerabilities of your
> > machine.
> > 
> > On the other hand, it may just be because /etc/issue and /etc/issue.net are
> > contained in the base-files and netstd packages respectively, and to keep
> > up with patches, it would be necessary to re-release those two packages
> > every time.  Come to think of it, that reason is more likely than the
> > security one (since real crackers would test your system for exploitability
> > regardless of what your issue files said).

--
G. Branden Robinson                 |  There's nothing an agnostic can't do
Purdue University                   |  if he doesn't know whether he believes
branden@purdue.edu                  |  in it or not.
http://www.ecn.purdue.edu/~branden/ |  -- Graham Chapman


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: debian version 1.3.1 ?
  - From: Bob <rmb@eclipse.net>

Prev by Date: Re: debian version 1.3.1 ?
Next by Date: Re: Debian Netatalk and Ethernet cards
Previous by thread: Re: debian version 1.3.1 ?
Next by thread: Re: debian version 1.3.1 ?
Index(es):
- Date
- Thread