Re: Debian Investigation Report after Server Compromises
On Tue, 02 Dec 2003 23:08:07 -0800, Paul Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, Dec 02, 2003 at 06:17:44PM -0500, Paul Morgan wrote:
>> It would be a lot less stable and secure if debian started
>> publishing exploits. The announcement explains quite clearly what
>> happened and how to protect your system.
>
> Why does BugTraq do it? Because it forces quick action.
>
> Granted, this isn't a problem for a self-motivated project like
> Debian. However, Debian is looked up to quite a bit in the software
> community, so shouldn't Debian be setting the example here?
>
Paul, I think debian *is* setting the example by not further propagating
the exploit by publishing it.
--
....................paul
"I think that gay marriage is something that should be between a man and
a woman."
-- Arnold Schwarzenegger, Governor of California
Reply to: