[GRLUG] FW: $849 - New IBM Thinkpad T61 Core 2 Duo Laptop 2.0GHz with DVD-R, WWAN, WiFi and Widescreen

john-thomas richards jtr at jrichards.org
Wed May 14 12:59:17 EDT 2008


On Wed, May 14, 2008 at 12:25:38PM -0400, Collin wrote:
> 
> > Debian did not remove security features.  A bug "fix" inadvertently
> > introduced a *huge* security risk.  Keep in mind, though, that this
> > admittedly big security problem was discovered in the code itself and
> > not in a remote exploit.  Upgrading the necessary packages (that were
> > available almost immediately) and reissuing keys are all that is
> > necessary to avoid a remote exploit.  Granted, some may have a lot of
> > keys to issue, but it is an inconvenience more than anything else.
> >
> > [snip]
> >   
> Semantics... If you introduce something and call it a "bug fix" but it 
> really screws the security up then it wasn't really a bug fix, was it? 
> And if that bug fix removes a security feature then it was a removal of 
> a security feature, not a bug fix. Call things what they are not what it 
> was wished it would be.

I was addressing the statement you made (which you did not include in your
reply) that Debian "removed security features."  They did not.  This is
not an issue of semantics.  "Removes" implies intent.  Bugs are
accidental (except in Samba :-).

> I will, however, grant you that I'm sure that they did it on accident 
> and that the vast majority of the time they get it right. It just sounds 
> like they've got to be more careful in the future.

That it was accidental is the main point (in counterpoint to your
statement) I was making.
-- 
john-thomas
------
If the gods listened to the prayers of men, all humankind would quickly
perish since they constantly pray for many evils to befall one another.
Epicurus, philosopher (c. 341-270 BCE)

