Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Is Mozilla's "patch" enough?
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 12 Jul 2004 21:02:51 +0200

* Aviv Raff:

On Mon, 12 Jul 2004 20:34:44 +0200, Florian Weimer <fw () deneb enyo de> wrote:
* Aviv Raff:

Security patches shouldn't be overridden unless intended too (i.e
uninstalled).

This is not standard industry practice.  Especially if a patch might
break previously working configuration, I completely agree that it's
correct.

That's why there should be a way to uninstall the patch, as I wrote.

This requires that you have individual patches for each vulnerability,
something that is often practically impossible (because of
combinatoric explosion) and is a support nightmare if it is possible.

Those vendors supplying source code are far better off in this area.
You simply pick the parts you like and recompile your own version.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault