Re: Debian for enterprise
On Sunday 16 November 2003 20:29, Johannes Zarl wrote:
> > And I mean, the core question is: What is the advantage of not
> > updating packages, when the package is in question is so old you
> > shouldn't use it?
> Sorry, if I miss the point, but if there is an advisory against using
> the version of snort oficially released with woody, shouldn't there
> also be a backport of the security-patch available on
> security.debian.org? To my understanding you surely find outdated
> packages in woody (chkrootkit, for example), but never, ever there
> are packages with known security risks in it.
Of course. However, the problem is not that there is a security risk,
but that the package is outdated to the point that it is unusable. That
is too a security risk, in the sense that if you run snort and think it
would tell you about attacks, and it doesn't, it is a risk in itself.
firstname.lastname@example.org email@example.com firstname.lastname@example.org
Homepage: http://www.kjetil.kjernsmo.net/ OpenPGP KeyID: 6A6A0BBC