Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Port Randomization: New revision of our IETF Internet-Draft
From: Pavel Labushev <p.labushev () gmail com>
Date: Wed, 03 Sep 2008 02:18:13 +0800

Valdis.Kletnieks () vt edu ?????:
On Tue, 02 Sep 2008 17:17:43 +0800, Pavel Labushev said:

"SECURITY PATCH tag on a fix" helps me to know that there is the problem 
and I must consider the patch, check its correctness and maybe 
test/backport/apply it to my production systems ASAP. Just as another 
tags helps me to know that there are realiability and other issues I 
must care about.

OK, now s/security patch/silent data corruption/ and tell me what's *actually*
different.

The consequences are actually and obviously different. Now, please, try 
to figure out that by yourself. Forget about Linus' point. Pretend 
you're system administrator and try to think like one.

Wow, you still need to consider it, check it, test it, and deploy it.

Not exactly.

Unless of course you don't give a shit about your data.  But in that case,
the security patch can probably be overlooked too.

Hint: the data can be backed up.

That's Linus's point - if the patch is important enough to go into one of
the -stable tree kernels, it's probably something you want to install, whether
or not it's a security patch.

Whether or not so-called -stable kernels are always stable - is another 
question. And not a last one - there are more.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]