On Wed, Dec 03, 2003 at 10:54:24AM +1000, Andrew Pollock wrote: > On Wed, Dec 03, 2003 at 11:17:19AM +1100, Russell Coker wrote:
> > The only way to have avoided this kernel vulnerability from day-0 of > discovery/fix release would have been to be constantly upgrading to > pre-release kernels. > > I'm starting to sound like I'm trolling for closed-source development models > or something, which is not the case, Smartcards would have avoided the Debian compromise: merely having a compromised DD box would have prevented bad guy from getting on the box. It's all about layers of defense. I think the DD's should seriously think about requiring smartcards. It would have prevented the proxmiate cause of our recent troubles.
