| 1 |
On Wed, 14 Mar 2007 22:56:31 +0100 Paul de Vrieze <pauldv@g.o> |
| 2 |
wrote: |
| 3 |
> On Wednesday 14 March 2007, Stephen Bennett wrote: |
| 4 |
> > On Wed, 14 Mar 2007 16:38:20 +0100 |
| 5 |
> > |
| 6 |
> > "Ioannis Aslanidis" <aslanidis@×××××.com> wrote: |
| 7 |
> > > Ciaran, honestly and without any offense intention, what would be |
| 8 |
> > > your answers to the questions you formulated? If you ask all |
| 9 |
> > > that, assuming it's all rethoric, what is your opinion? |
| 10 |
> > |
| 11 |
> > I think his intention was to demonstrate that the idea is |
| 12 |
> > implausible, at best counterproductive and at worst disastrous. |
| 13 |
> > Which it is, and which he did fairly well. |
| 14 |
> |
| 15 |
> Could you explain how this is implausible. Removing contributions by |
| 16 |
> a certain person may be silly or impossible. Refusing to accept new |
| 17 |
> contributions is, while a very harsh measure, a possibility. |
| 18 |
|
| 19 |
Right up until the point where it leads to data loss, security holes or |
| 20 |
the inability to use important packages... |
| 21 |
|
| 22 |
What do you think users will say when told that their system will |
| 23 |
remain vulnerable to a remote root hole because Gentoo won't accept a |
| 24 |
fix from a particular person? Do you think they'll smile, nod and |
| 25 |
accept that their system is about to get taken over by some kid in |
| 26 |
Russia, or do you think they'll scream and switch to Ubuntu? |
| 27 |
|
| 28 |
Heck, that this even has to be spelt out is pretty scary... |
| 29 |
|
| 30 |
(Bear in mind that claiming to have independently rediscovered a hole |
| 31 |
and indepedently recreated a two line security change is not exactly |
| 32 |
going to go over well either...) |
| 33 |
|
| 34 |
-- |
| 35 |
Ciaran McCreesh |
| 36 |
Mail : ciaranm at ciaranm.org |
| 37 |
Web : http://ciaranm.org/ |
| 38 |
Paludis, the secure package manager : http://paludis.pioto.org/ |
Archives