-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

BRM wrote:
> A "static package" is never for "security reasons". It's for "administration"
> reasons. Please don't confuse the two.

I deeply agree!

> If someone was truly looking at the "security reasons", then they would try
> to stick with newer software - especially in the F/OSS world - since it
> nearly always fixes the older security issues (or at worst propagates them),
> usually gets the fixes faster, and even though it might introduce new issues,
> those issues are likely unknown to any.

I'd like to add that the policy of using old, "verified", secure software is relatively flawed, as every day we find methods to exploit coding vulnerabilities that were previously thought of as "un-exploitable"...

- --
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html

Mailing List Archives at http://archiver.mailfighter.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFI45LTAlpOsGhXcE0RCr/8AJ417MK1I6pjyVWw86cdqK8ny4Dt+QCePKur
YU/u2aLIE9lvJNo2uEFgBeM=
=7suo
-----END PGP SIGNATURE-----