On Sunday 16 November 2003 20:29, Johannes Zarl wrote: > > And I mean, the core question is: What is the advantage of not > > updating packages, when the package is in question is so old you > > shouldn't use it? > > Sorry, if I miss the point, but if there is an advisory against using > the version of snort oficially released with woody, shouldn't there > also be a backport of the security-patch available on > security.debian.org? To my understanding you surely find outdated > packages in woody (chkrootkit, for example), but never, ever there > are packages with known security risks in it.
Of course. However, the problem is not that there is a security risk, but that the package is outdated to the point that it is unusable. That is too a security risk, in the sense that if you run snort and think it would tell you about attacks, and it doesn't, it is a risk in itself. Best, Kjetil -- Kjetil Kjernsmo Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Homepage: http://www.kjetil.kjernsmo.net/ OpenPGP KeyID: 6A6A0BBC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
