Re: on potato's proftpd

2002-04-04 Thread martin f krafft
also sprach Michael Stone [EMAIL PROTECTED] [2002.04.04.0211 +0200]: because it will prevent s.d.o from serving a buggy package. it's not fixed perfectly, but at least it's not subject to a known exploit. Could you be a little more careful with your terms? A DOS is not an exploit, it's a

Re: on potato's proftpd

2002-04-04 Thread martin f krafft
also sprach Andrew Pimlott [EMAIL PROTECTED] [2002.04.04.0135 +0200]: this problem is understood by the developers of proftpd Wichert said that nobody has explained why the current fix on s.d.o doesn't work. If the problem is understood, why hasn't someone explained this? That's all that

Re: on potato's proftpd

2002-04-04 Thread Mark Eichin
will do, sorry. a DOS is still a form of exploit - you exploit One way to clarify your thinking about this: to repair a DOS problem, you simply need to fix the affected service (with a big hammer, like apt-get remove or an ip firewall entry, or with more subtle tools like fixing the bug and

Re: on potato's proftpd

2002-04-03 Thread Andrew Pimlott
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote: but give me at least one argument why these acts cannot combine with a *temporary* fix uploaded to the so-called security archives. There are several good reasons: - If a band-aid fix is allowed, there is less incentive to find

Re: on potato's proftpd

2002-04-03 Thread Andrew Pimlott
[ Followup to incomplete send. ] On Wed, Apr 03, 2002 at 10:54:25AM -0500, Andrew Pimlott wrote: I think Wichert's position ... reflects appropriate discipline, given the (relatively modest) severity of the problem. Andrew

Re: on potato's proftpd

2002-04-03 Thread Petro
On Wed, Apr 03, 2002 at 10:56:32AM +0900, Howland, Curtis wrote: I would bet that the vast majority of flame wars begin because someone mistakes terse or concise for hostility. The reverse, being the endless spewing of meaningless words, all the while saying nothing at all or even the

Re: on potato's proftpd

2002-04-03 Thread martin f krafft
also sprach Andrew Pimlott [EMAIL PROTECTED] [2002.04.03.1754 +0200]: There are several good reasons: - If a band-aid fix is allowed, there is less incentive to find the correct fix. true. doesn't mean that we have to fall into that hole. - If the problem isn't understood, there is

Re: on potato's proftpd

2002-04-03 Thread martin f krafft
also sprach Andrew Pimlott [EMAIL PROTECTED] [2002.04.03.1805 +0200]: On Wed, Apr 03, 2002 at 10:54:25AM -0500, Andrew Pimlott wrote: I think Wichert's position ... reflects appropriate discipline, given the (relatively modest) severity of the problem. i also have to agree with you here

Re: on potato's proftpd

2002-04-03 Thread martin f krafft
also sprach Nathan E Norman [EMAIL PROTECTED] [2002.04.03.0732 +0200]: well, i am calm, but i disagree. sure, it boils down to the question who debian's audience are, but for all i am concerned, debian's reputation _used_ to include security, and the reason why i'd (as in would and had)

Re: on potato's proftpd

2002-04-03 Thread Andrew Pimlott
On Thu, Apr 04, 2002 at 01:09:27AM +0200, martin f krafft wrote: this problem is understood by the developers of proftpd Wichert said that nobody has explained why the current fix on s.d.o doesn't work. If the problem is understood, why hasn't someone explained this? That's all that is asked,

Re: on potato's proftpd

2002-04-03 Thread Michael Stone
On Thu, Apr 04, 2002 at 01:06:26AM +0200, martin f krafft wrote: because it will prevent s.d.o from serving a buggy package. it's not fixed perfectly, but at least it's not subject to a known exploit. Could you be a little more careful with your terms? A DOS is not an exploit, it's a DOS. By

Re: on potato's proftpd

2002-04-02 Thread martin f krafft
also sprach Wichert Akkerman [EMAIL PROTECTED] [2002.03.31.2009 +0200]: Because it might impact other packages as well. sure, but the upload won't. I'd rather make sure we don't have a bug in multiple packages than a reasonably harmless semi-bug in a single package. that's a purist approach

Re: on potato's proftpd

2002-04-02 Thread Wichert Akkerman
Previously martin f krafft wrote: that's a purist approach which doesn't work with security. It does, and in fact it's a very good approach: make sure you study what the real problem is instead of trying to fix things with bandaid. With all the energy wasted on this someone could have found the

Re: on potato's proftpd

2002-04-02 Thread martin f krafft
also sprach Wichert Akkerman [EMAIL PROTECTED] [2002.04.02.1250 +0200]: It does, and in fact it's a very good approach: make sure you study what the real problem is instead of trying to fix things with bandaid. wrong. fix things with bandaid to give you more time to find the real problem. i am

Re: on potato's proftpd

2002-04-02 Thread Wichert Akkerman
Previously martin f krafft wrote: wrong. fix things with bandaid to give you more time to find the real problem. i am not saying that this is the final fix. put it this way, you aren't going to wait for intruders to make use of the opportunity while you search the drunkbold who broke your

Re: on potato's proftpd

2002-04-02 Thread martin f krafft
dear list, look, i am really not here to start a flame war and heck no, i don't want one. please excuse if my behaviour has been leading you onto this belief (or maybe not). i am simply failing to grasp the arguments laid out by wichert. that is, i don't disagree with him per se, but i have the

RE: on potato's proftpd

2002-04-02 Thread Howland, Curtis
I would bet that the vast majority of flame wars begin because someone mistakes terse or concise for hostility. The reverse, being the endless spewing of meaningless words, all the while saying nothing at all or even the opposite of what it sounds like, is the art of politicians and diplomats.

Re: on potato's proftpd

2002-04-02 Thread Bernd Eckenfels
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote: they really weren't intended to be flames. i am sorry if they felt that way. i am really just trying to be concise since i don't have much more to say than i did. Personally I do not think you flamed, and your points are very

Re: on potato's proftpd

2002-04-02 Thread Nathan E Norman
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote: dear list, look, i am really not here to start a flame war and heck no, i don't want one. please excuse if my behaviour has been leading you onto this belief (or maybe not). i am simply failing to grasp the arguments laid out