1 |
On Wed, 14 Mar 2007 22:56:31 +0100 Paul de Vrieze <pauldv@g.o> |
2 |
wrote: |
3 |
> On Wednesday 14 March 2007, Stephen Bennett wrote: |
4 |
> > On Wed, 14 Mar 2007 16:38:20 +0100 |
5 |
> > |
6 |
> > "Ioannis Aslanidis" <aslanidis@×××××.com> wrote: |
7 |
> > > Ciaran, honestly and without any offense intention, what would be |
8 |
> > > your answers to the questions you formulated? If you ask all |
9 |
> > > that, assuming it's all rethoric, what is your opinion? |
10 |
> > |
11 |
> > I think his intention was to demonstrate that the idea is |
12 |
> > implausible, at best counterproductive and at worst disastrous. |
13 |
> > Which it is, and which he did fairly well. |
14 |
> |
15 |
> Could you explain how this is implausible. Removing contributions by |
16 |
> a certain person may be silly or impossible. Refusing to accept new |
17 |
> contributions is, while a very harsh measure, a possibility. |
18 |
|
19 |
Right up until the point where it leads to data loss, security holes or |
20 |
the inability to use important packages... |
21 |
|
22 |
What do you think users will say when told that their system will |
23 |
remain vulnerable to a remote root hole because Gentoo won't accept a |
24 |
fix from a particular person? Do you think they'll smile, nod and |
25 |
accept that their system is about to get taken over by some kid in |
26 |
Russia, or do you think they'll scream and switch to Ubuntu? |
27 |
|
28 |
Heck, that this even has to be spelt out is pretty scary... |
29 |
|
30 |
(Bear in mind that claiming to have independently rediscovered a hole |
31 |
and indepedently recreated a two line security change is not exactly |
32 |
going to go over well either...) |
33 |
|
34 |
-- |
35 |
Ciaran McCreesh |
36 |
Mail : ciaranm at ciaranm.org |
37 |
Web : http://ciaranm.org/ |
38 |
Paludis, the secure package manager : http://paludis.pioto.org/ |