[GRLUG] FW: $849 - New IBM Thinkpad T61 Core 2 Duo Laptop 2.0GHz with DVD-R, WWAN, WiFi and Widescreen

john-thomas richards jtr at jrichards.org
Wed May 14 12:10:21 EDT 2008


On Wed, May 14, 2008 at 11:57:45AM -0400, Collin wrote:
[snip]
> I still think that my 
> current question is valid. The replies I've gotten tend to suggest that 
> while Debian really screwed up badly with the openssl ordeal, that they 
> still do much more good than harm. This is comforting to know.
>  
> The question: Is X linux distributor trustworthy if their maintainers 
> remove security features from a really important package?

Debian did not remove security features.  A bug "fix" inadvertently
introduced a *huge* security risk.  Keep in mind, though, that this
admittedly big security problem was discovered in the code itself and
not in a remote exploit.  Upgrading the necessary packages (that were
available almost immediately) and reissuing keys are all that is
necessary to avoid a remote exploit.  Granted, some may have a lot of
keys to issue, but it is an inconvenience more than anything else.

[snip]
-- 
john-thomas
------
Fame is a vapor; popularity an accident; the only earthly certainty is
oblivion.
Mark Twain, author and humorist (1835-1910)

