Re: on potato's proftpd

2002-04-04 Thread Mark Eichin
> will do, sorry. a DOS is still a form of exploit - you exploit One way to clarify your thinking about this: to repair a DOS problem, you simply need to fix the affected service (with a big hammer, like "apt-get remove" or an ip firewall entry, or with more subtle tools like fixing the bug and u

Re: on potato's proftpd

2002-04-04 Thread martin f krafft
also sprach Andrew Pimlott <[EMAIL PROTECTED]> [2002.04.04.0135 +0200]: > > this problem is understood by the developers of proftpd > > Wichert said that nobody has explained why the current fix on s.d.o > doesn't work. If the problem is understood, why hasn't someone > explained this? That's al

Re: on potato's proftpd

2002-04-04 Thread martin f krafft
also sprach Michael Stone <[EMAIL PROTECTED]> [2002.04.04.0211 +0200]: > > because it will prevent s.d.o from serving a buggy package. it's not > > fixed perfectly, but at least it's not subject to a known exploit. > > Could you be a little more careful with your terms? A DOS is not an > exploit,

Re: on potato's proftpd

2002-04-03 Thread Michael Stone
On Thu, Apr 04, 2002 at 01:06:26AM +0200, martin f krafft wrote: > because it will prevent s.d.o from serving a buggy package. it's not > fixed perfectly, but at least it's not subject to a known exploit. Could you be a little more careful with your terms? A DOS is not an exploit, it's a DOS. By s

Re: on potato's proftpd

2002-04-03 Thread Andrew Pimlott
On Thu, Apr 04, 2002 at 01:09:27AM +0200, martin f krafft wrote: > this problem is understood by the developers of proftpd Wichert said that nobody has explained why the current fix on s.d.o doesn't work. If the problem is understood, why hasn't someone explained this? That's all that is asked,

Re: on potato's proftpd

2002-04-03 Thread martin f krafft
also sprach Nathan E Norman <[EMAIL PROTECTED]> [2002.04.03.0732 +0200]: > > well, i am calm, but i disagree. sure, it boils down to the question > > who debian's audience are, but for all i am concerned, debian's > > reputation _used_ to include "security", and the reason why i'd (as in > > "would

Re: on potato's proftpd

2002-04-03 Thread martin f krafft
also sprach Andrew Pimlott <[EMAIL PROTECTED]> [2002.04.03.1805 +0200]: > On Wed, Apr 03, 2002 at 10:54:25AM -0500, Andrew Pimlott wrote: > > I think Wichert's position > > ... reflects appropriate discipline, given the (relatively modest) > severity of the problem. i also have to agree with you

Re: on potato's proftpd

2002-04-03 Thread martin f krafft
also sprach Andrew Pimlott <[EMAIL PROTECTED]> [2002.04.03.1754 +0200]: > There are several good reasons: > > - If a band-aid fix is allowed, there is less incentive to find > the correct fix. true. doesn't mean that we have to fall into that hole. > - If the problem isn't understood, th

Re: on potato's proftpd

2002-04-03 Thread Petro
On Wed, Apr 03, 2002 at 10:56:32AM +0900, Howland, Curtis wrote: > I would bet that the vast majority of "flame wars" begin because someone > mistakes "terse" or "concise" for hostility. > > The reverse, being the endless spewing of meaningless words, all the while > saying nothing at all or eve

Re: on potato's proftpd

2002-04-03 Thread Andrew Pimlott
[ Followup to incomplete send. ] On Wed, Apr 03, 2002 at 10:54:25AM -0500, Andrew Pimlott wrote: > I think Wichert's position ... reflects appropriate discipline, given the (relatively modest) severity of the problem. Andrew

Re: on potato's proftpd

2002-04-03 Thread Andrew Pimlott
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote: > but give me at least one argument why these acts cannot combine with > a *temporary* fix uploaded to the so-called "security archives". There are several good reasons: - If a band-aid fix is allowed, there is less incentive to f

Re: on potato's proftpd

2002-04-02 Thread Nathan E Norman
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote: > dear list, > > look, i am really not here to start a flame war and heck no, i don't > want one. please excuse if my behaviour has been leading you onto this > belief (or maybe not). i am simply failing to grasp the arguments laid >

Re: on potato's proftpd

2002-04-02 Thread Bernd Eckenfels
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote: > they really weren't intended to be flames. i am sorry if they felt > that way. i am really just trying to be concise since i don't have > much more to say than i did. Personally I do not think you flamed, and your points are very v

RE: on potato's proftpd

2002-04-02 Thread Howland, Curtis
I would bet that the vast majority of "flame wars" begin because someone mistakes "terse" or "concise" for hostility. The reverse, being the endless spewing of meaningless words, all the while saying nothing at all or even the opposite of what it sounds like, is the art of politicians and diplo

Re: on potato's proftpd

2002-04-02 Thread martin f krafft
dear list, look, i am really not here to start a flame war and heck no, i don't want one. please excuse if my behaviour has been leading you onto this belief (or maybe not). i am simply failing to grasp the arguments laid out by wichert. that is, i don't disagree with him per se, but i have the fe

Re: on potato's proftpd

2002-04-02 Thread Wichert Akkerman
Previously martin f krafft wrote: > wrong. fix things with bandaid to give you more time to find the real > problem. i am not saying that this is the final fix. put it this way, > you aren't going to wait for intruders to make use of the opportunity > while you search the drunkbold who broke your w

Re: on potato's proftpd

2002-04-02 Thread martin f krafft
also sprach Wichert Akkerman <[EMAIL PROTECTED]> [2002.04.02.1250 +0200]: > It does, and in fact it's a very good approach: make sure you study > what the real problem is instead of trying to fix things with bandaid. wrong. fix things with bandaid to give you more time to find the real problem. i a

Re: on potato's proftpd

2002-04-02 Thread Wichert Akkerman
Previously martin f krafft wrote: > that's a purist approach which doesn't work with security. It does, and in fact it's a very good approach: make sure you study what the real problem is instead of trying to fix things with bandaid. With all the energy wasted on this someone could have found the

Re: on potato's proftpd

2002-04-02 Thread martin f krafft
also sprach Wichert Akkerman <[EMAIL PROTECTED]> [2002.03.31.2009 +0200]: > Because it might impact other packages as well. sure, but the upload won't. > I'd rather make sure we don't have a bug in multiple packages than > a reasonably harmless semi-bug in a single package. that's a purist appr