On Wed, 8 Oct 1997, Bob wrote: No, I don't think so, for the same reason issue and issue.net aren't updated:
[0] 654 apocalypse ~ > dpkg -S issue manpages: /usr/man/man5/issue.5.gz base-files: /etc/issue.net netstd: /usr/man/man5/issue.net.5.gz base-files: /etc/issue [0] 655 apocalypse ~ > dpkg -S debian_version base-files: /etc/debian_version [0] 656 apocalypse ~ > > Thanks for the info. I never really thought in terms of security. > Should the file /etc/debian_version show 1.3.1. Mine shows 1.3. > I know this is a very minor point, I'm just curious. > > On Wed, 8 Oct 1997, Branden Robinson wrote: > > > On Wed, 8 Oct 1997, Bob wrote: > > > > > I recently add X to my debian box. My debian version still shows 1.3 > > > > > > Shouldn't this now read 1.3.1?? > > > > > > Bob > > > > I think it's a Debian policy not to "publicize" the patch level of the > > version. (My /etc/issue, and /etc/issue.net files all report 1.3 as > > well, and reported simply 1.1 and 1.2 when I ran those -- 0.93R6 didn't > > have any patches). > > > > This is possibly because one of the few events that causes a patch to the > > stable version is the discovery and patching of security holes. If someone > > can easily determine from your machine what version you're running, he/she > > may be able to make deductions about the security vulnerabilities of your > > machine. > > > > On the other hand, it may just be because /etc/issue and /etc/issue.net are > > contained in the base-files and netstd packages respectively, and to keep > > up with patches, it would be necessary to re-release those two packages > > every time. Come to think of it, that reason is more likely than the > > security one (since real crackers would test your system for exploitability > > regardless of what your issue files said). -- G. Branden Robinson | There's nothing an agnostic can't do Purdue University | if he doesn't know whether he believes [EMAIL PROTECTED] | in it or not. http://www.ecn.purdue.edu/~branden/ | -- Graham Chapman -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
