[GRLUG] FW: $849 - New IBM Thinkpad T61 Core 2 Duo Laptop 2.0GHz with DVD-R, WWAN, WiFi and Widescreen
john-thomas richards
jtr at jrichards.org
Wed May 14 12:10:21 EDT 2008
On Wed, May 14, 2008 at 11:57:45AM -0400, Collin wrote:
[snip]
> I still think that my
> current question is valid. The replies I've gotten tend to suggest that
> while Debian really screwed up badly with the openssl ordeal, that they
> still do much more good than harm. This is comforting to know.
>
> The question: Is X linux distributor trustworthy if their maintainers
> remove security features from a really important package?
Debian did not remove security features. A bug "fix" inadvertently
introduced a *huge* security risk. Keep in mind, though, that this
admittedly big security problem was discovered in the code itself and
not in a remote exploit. Upgrading the necessary packages (that were
available almost immediately) and reissuing keys are all that is
necessary to avoid a remote exploit. Granted, some may have a lot of
keys to issue, but it is an inconvenience more than anything else.
[snip]
--
john-thomas
------
Fame is a vapor; popularity an accident; the only earthly certainty is
oblivion.
Mark Twain, author and humorist (1835-1910)