lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <008d01c372c2$572c2a80$1302a8c0@vplab.local>
Date: Thu, 4 Sep 2003 10:45:10 +0200
From: "Stefano Zanero" <stefano.zanero@...e.org>
To: "BugTraq" <BUGTRAQ@...URITYFOCUS.COM>
Subject: Re: Windows Update: A single point of failure for the world's economy?


> More of a risk than up2date for RedHat or emerge -u system for Gentoo?  Or
> cvsup for *BSD?

Yeah. A lot more.

None of these is enabled "by default" or, worse, "mandatorily", which was
the point of my post. Additionally, none of these ADD or REMOVE things from
your system you didn't configure.

In addition, emerge and cvsup work on source code, not on binaries. And I'd
say (albeit I'm ready to receive proofs of the contrary) that the odds of a
binary patch crashing a system are well above those of a source patch and
recompilation.
รน
As a final note, there's always a question of userbase to consider. And of
ecological difference in the species and flavors of *nixes and of their
update systems.

Please note that I am not against this solution for privacy advocacy or
trust reasons, which were raised in another post to the list. If you run a
closed source operating system, it is quite pointless to worry about the
"patches" and what they might introduce in it at a later time.

However, on this particular point, I'd like to understand if this proposed
auto-patching would be limited to urgent bugfixes, or would include the
"updated features" that sometines shine on the Windows Update site (for
instance, DirectX upgrades and similars, or updates for FireWire electric
ovens).

Just my 0.02 EUR, which is quite similar to the traditional 0.02$ these
days.

Stefano Zanero




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ