| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Sep 2003 10:45:10 +0200 From: "Stefano Zanero" <stefano.zanero@...e.org> To: "BugTraq" <BUGTRAQ@...URITYFOCUS.COM> Subject: Re: Windows Update: A single point of failure for the world's economy? > More of a risk than up2date for RedHat or emerge -u system for Gentoo? Or > cvsup for *BSD? Yeah. A lot more. None of these is enabled "by default" or, worse, "mandatorily", which was the point of my post. Additionally, none of these ADD or REMOVE things from your system you didn't configure. In addition, emerge and cvsup work on source code, not on binaries. And I'd say (albeit I'm ready to receive proofs of the contrary) that the odds of a binary patch crashing a system are well above those of a source patch and recompilation. รน As a final note, there's always a question of userbase to consider. And of ecological difference in the species and flavors of *nixes and of their update systems. Please note that I am not against this solution for privacy advocacy or trust reasons, which were raised in another post to the list. If you run a closed source operating system, it is quite pointless to worry about the "patches" and what they might introduce in it at a later time. However, on this particular point, I'd like to understand if this proposed auto-patching would be limited to urgent bugfixes, or would include the "updated features" that sometines shine on the Windows Update site (for instance, DirectX upgrades and similars, or updates for FireWire electric ovens). Just my 0.02 EUR, which is quite similar to the traditional 0.02$ these days. Stefano Zanero
Powered by blists - more mailing lists