Full Disclosure mailing list archives
Re: Is Mozilla's "patch" enough?
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 12 Jul 2004 21:02:51 +0200
* Aviv Raff:
On Mon, 12 Jul 2004 20:34:44 +0200, Florian Weimer <fw () deneb enyo de> wrote:* Aviv Raff:Security patches shouldn't be overridden unless intended too (i.e uninstalled).This is not standard industry practice. Especially if a patch might break previously working configuration, I completely agree that it's correct.That's why there should be a way to uninstall the patch, as I wrote.
This requires that you have individual patches for each vulnerability, something that is often practically impossible (because of combinatoric explosion) and is a support nightmare if it is possible. Those vendors supplying source code are far better off in this area. You simply pick the parts you like and recompile your own version. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Is Mozilla's "patch" enough?, (continued)
- Re: Is Mozilla's "patch" enough? Pavel Kankovsky (Jul 12)
- Re: Is Mozilla's "patch" enough? William Warren (Jul 12)
- Re: Is Mozilla's "patch" enough? Thomas Kaschwig (Jul 12)
- Re: Is Mozilla's "patch" enough? Barry Fitzgerald (Jul 12)
- Re: Is Mozilla's "patch" enough? William Warren (Jul 12)
- Re: Is Mozilla's "patch" enough? Thomas Kaschwig (Jul 13)
- Re: Is Mozilla's "patch" enough? Aviv Raff (Jul 12)
- Re: Is Mozilla's "patch" enough? Georgi Guninski (Jul 12)
- Re: Is Mozilla's "patch" enough? Aviv Raff (Jul 12)
- Re: Is Mozilla's "patch" enough? Florian Weimer (Jul 12)
- Re: Is Mozilla's "patch" enough? Aviv Raff (Jul 12)
- Re: Is Mozilla's "patch" enough? Florian Weimer (Jul 12)
- Re: Is Mozilla's "patch" enough? Aviv Raff (Jul 12)
- Re: Is Mozilla's "patch" enough? Aviv Raff (Jul 12)
- Re: Is Mozilla's "patch" enough? Pavel Kankovsky (Jul 12)
- Re: Is Mozilla's "patch" enough? Thomas Kaschwig (Jul 12)
- Re: Is Mozilla's "patch" enough? Daniel Wang (Jul 13)