Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Is Mozilla's "patch" enough?
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 12 Jul 2004 21:02:51 +0200

* Aviv Raff:

On Mon, 12 Jul 2004 20:34:44 +0200, Florian Weimer <fw () deneb enyo de> wrote:
* Aviv Raff:

Security patches shouldn't be overridden unless intended too (i.e

This is not standard industry practice.  Especially if a patch might
break previously working configuration, I completely agree that it's

That's why there should be a way to uninstall the patch, as I wrote.

This requires that you have individual patches for each vulnerability,
something that is often practically impossible (because of
combinatoric explosion) and is a support nightmare if it is possible.

Those vendors supplying source code are far better off in this area.
You simply pick the parts you like and recompile your own version.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]