lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 17 May 2012 15:33:17 -0400
From: valdis.kletnieks@...edu
To: Adam Zabrocki <pi3@....com.pl>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>, taviso@...xchg8b.com
Subject: Re: The story of the Linux kernel 3.x...

On Thu, 17 May 2012 20:56:54 +0200, Adam Zabrocki said:

> Sorry I can not agree with you. Suse 12.1 is very new/fresh distribution
> so I don't see any point of delivering "old" binaries with new system.
> Still there is an open question about 3rd party vendors applications.

Exactly - it's all about the old 3rd party binaries.

> But if you look carefully for our discussion you will realize that other
> systems do not have problem with that so you are suggesting that only
> Suse don't have problems with clients?

Each distro has to decide for itself where to draw the line, and apparently
Suse 12.1 drew it differently than others. Keep in mind that Suse is targeting
itself as an "enterprise" distro.  As such, they have to worry a lot more about
shops that run huge ancient creeping-horror software systems that often have
binaries that nobody really understands how to rebuild.

My point was just that it's not necessarily a "mistake" (as you put it) - each
distro has to make lots of these sorts of decisions every release cycle.  Stay
compatible with old stuff, or ship new stuff?  Decide to keep a compatibility
option around for one more release cycle, and you take heat for having old
stuff.  Go the other way, and you end up shipping Unity. :)

> Additionally Marcus Meissner from the Suse team wrote interesting
> sentence about problem with 'old' binaries:

> "Nobody can actually point to an application that breaks."
> and "openSUSE 12.2 will have it disabled."

I'll bet a large pizza with everything but anchovies that once 12.2 ships,
somebody will find an application that breaks.  But we'll probably never hear
about it, because nobody will want to admit having that creeping horror binary. ;)


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ