
Re: Alas and alack.



Scott Dier - dieman wrote:

[you in this article refers to all administrators everywhere, not the
original poster, please don't take it personally]

On Tue, 28 Jan 2003, alex wrote:

Has the Linux security bubble burst?

Without reading the article, and at the risk of making myself look foolish
with cross posting to a gaggle of lists.

What security bubble?

Oh, never mind, reading the first paragraph it's some "Security Expert"
making sure that they can make some copy.  I'm pretty impressed by these
sorts of articles that assume that systems administrators aren't rooted in
'reality'.  That every one of us is some sort of zealot just trying to get
Linux into places with empty promises of 'it's more secure' and 'they fix
bugs faster'.

Use the software with the best merits.  If your merits happen to include
that it's non-proprietary, don't fool yourself (nor your employer) into
some game of 'it's more secure'.  Don't misrepresent the work that you do.

I don't think we would be seeing these articles if there wasn't some form
of zealotry going on to mislead upper management.  Please 'sell' the merits
of the software on the merits.

However, one point I do see, about security fixes in decent time from
source to distribution form seems to focus on product life cycle rather
than true experience and actual facts.  I would love to see a comparison
of distributions that shows how dedicated many of the Linux distributions
are at distributing stable and secure fixes to users in a timely fashion.

I believe that just about everyone is taking security more seriously than they did three or four years ago, but not everyone has the processes and procedures in place to deal with issues in a timely and effective manner. The Debian resources, which you've included in your posting, do seem to be quite serious about dealing with security issues, and that is nothing new for them, so there have always been mechanisms in place for evaluating product security and resolving urgent issues when they are discovered.

No system, however, is completely foolproof. Even Microsoft issued a bunch of security patches as long as six months ago, but only during the past week or so, we've heard complaints about systems being overrun with worms and viruses that should have been confinable, but weren't because administrators failed to keep their systems up to date.

I'm a big Linux fan because of usability, extensibility, flexibility, and security issues. I believe that the different mechanisms available with GNU software, especially the Debian GNU/Linux way, lend themselves well to dealing with these issues. But not even Debian can deal with systems that are improperly managed. Apparently some people still don't take software maintenance seriously. Self-managed systems can help some, but it still takes involvement from people, and that will always be the bottom line as far as I am concerned.

--
Brian Masinick
mailto:masinick@yahoo.com





