[GRLUG] FW: $849 - New IBM Thinkpad T61 Core 2 Duo Laptop 2.0GHz with DVD-R, WWAN, WiFi and Widescreen
Collin
adderd at kkmfg.com
Wed May 14 12:25:38 EDT 2008
> Debian did not remove security features. A bug "fix" inadvertently
> introduced a *huge* security risk. Keep in mind, though, that this
> admittedly big security problem was discovered in the code itself and
> not in a remote exploit. Upgrading the necessary packages (that were
> available almost immediately) and reissuing keys are all that is
> necessary to avoid a remote exploit. Granted, some may have a lot of
> keys to issue, but it is an inconvenience more than anything else.
>
> [snip]
>
Semantics... If you introduce something and call it a "bug fix" but it
really screws the security up then it wasn't really a bug fix, was it?
And if that bug fix removes a security feature then it was a removal of
a security feature, not a bug fix. Call things what they are not what it
was wished it would be.
I will, however, grant you that I'm sure that they did it on accident
and that the vast majority of the time they get it right. It just sounds
like they've got to be more careful in the future.
More information about the grlug
mailing list