
Re: Debian for enterprise

On Sunday 16 November 2003 20:29, Johannes Zarl wrote:
> > And I mean, the core question is: What is the advantage of not
> > updating packages, when the package in question is so old you
> > shouldn't use it?
> Sorry, if I miss the point, but if there is an advisory against using
> the version of snort officially released with woody, shouldn't there
> also be a backport of the security-patch available on
> security.debian.org? To my understanding you surely find outdated
> packages in woody (chkrootkit, for example), but never, ever there
> are packages with known security risks in it.

Of course. However, the problem is not that there is a security risk, 
but that the package is outdated to the point that it is unusable. That 
too is a security risk, in the sense that if you run snort and think it 
would tell you about attacks, and it doesn't, it is a risk in itself.


Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/        OpenPGP KeyID: 6A6A0BBC
