Full Disclosure mailing list archives
Re: Solaris security patches.
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 2 Oct 2003 22:59:12 +0200
Len Rose wrote:
NOTE: These are personal opinions and as such I do not speak for any entity other than myself.
It's been quite a while for those who rely on ssh and sendmail, so generally everyone eventually is forced to ditch "official" versions of ssh and sendmail in favour of building these critical pieces of software from source from the open source development teams.
Furthermore, you can't be sure that a maintainance upgrade introduces code with known, widely-published security issues (so seen with BIND). And no, you aren't told at once. 8-( Let's face it, if you run Solaris, you don't do that for its security. Sun customers as a whole have a wide range of priorities, and security is just one of them. In some environments where Sun servers are traditionally used, I can fully understand that it's more important to fix certain non-security defects or deliver additional features. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Solaris security patches. Len Rose (Oct 01)
- Re: Solaris security patches. Florian Weimer (Oct 02)