On Wed, 2003-12-03 at 07:04, Paul Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, Dec 02, 2003 at 09:41:15PM +0000, Oliver Elphick wrote:
> > Because there will be lots of people who haven't yet had the chance to
> > upgrade. They won't thank us for making an exploit available to every
> > would-be cracker.
>
> Why should we cater to people who can't be bothered to help
> themselves? Leaving readily compromisable systems out there does the
> net a disservice.

Suppose I go off for two weeks holiday? I'm the only one who can change
my system's kernel, but I leave it on because it is the gateway for
everyone else. The day after I leave, some idiot publishes details of
this exploit and for 13 days my system is vulnerable, before I even hear
about the problem, let alone have the chance to fix it.

There is not yet a Debian package of kernel 2.4.23, so anyone who can't
downgrade to 2.4.18 must fetch his own kernel source and build it; which
may be beyond the abilities of many of those who are vulnerable.

--
Oliver Elphick [EMAIL PROTECTED]
Isle of Wight, UK http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"What shall we then say to these things? If God be for us, who can be
against us?" Romans 8:31