| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
BRM wrote: |
| 5 |
> A "static package" is never for "security reasons". It's for "administration" reasons. Please don't confuse the two. |
| 6 |
|
| 7 |
I deeply agree! |
| 8 |
|
| 9 |
> If someone was truly looking at the "security reasons", then they would try to stick with newer software - especially in the F/OSS world - since it nearly always fixes the older security issues (or at worse propagates them), usually gets the fixes faster, and even though it might introduce new issues, those issues are likely unknown to any. |
| 10 |
|
| 11 |
I'd like to add that the policy of using old, "verified", secure software is relatively flawed, as |
| 12 |
every day we find methods to exploit coding vulnerabilities that were previously thought of as |
| 13 |
"un-exploitable"... |
| 14 |
|
| 15 |
- -- |
| 16 |
Arturo "Buanzo" Busleiman |
| 17 |
Independent Linux and Security Consultant - SANS - OISSG - OWASP |
| 18 |
http://www.buanzo.com.ar/pro/eng.html |
| 19 |
Mailing List Archives at http://archiver.mailfighter.net |
| 20 |
-----BEGIN PGP SIGNATURE----- |
| 21 |
Version: GnuPG v1.4.6 (GNU/Linux) |
| 22 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 23 |
|
| 24 |
iD8DBQFI45LTAlpOsGhXcE0RCr/8AJ417MK1I6pjyVWw86cdqK8ny4Dt+QCePKur |
| 25 |
YU/u2aLIE9lvJNo2uEFgBeM= |
| 26 |
=7suo |
| 27 |
-----END PGP SIGNATURE----- |
Archives