| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200404142259.43621.jluehr@gmx.net> From: jluehr at gmx.net (Jan Lühr) Subject: 1 patch for 1 vulnerabiliy for Linux and BSD? gunna try and sell us a bridge now too? Greetings, Am Mittwoch, 14. April 2004 22:18 schrieb Exibar: > are you kidding me? for years and years all I've heard from *nix people is > how secure the OS is and that there aren't as many patches needed for it > and if a vuln is found a patch is released right away.... hey, hey. Slow down. The number of patches is not a direct indicator of the security of a system. More complex system require more complex patches and more patches. What you see here, is a DSA _synchronised_ with the release of 2.4.26. That means, that because of no exploits going around here, some distributors doesn't see any need to release fixes, before a the major distributors and kernel.org could release the new versions. Because kernel-release-version do not have a crappy patch-level-number, a lot of issues were fixed in a new release. (Imagine you have a new release number for every single one turned into a zero in the sources, every != turned into a ==) This time, five of them were security related. What's your point? > ----- Original Message ----- > From: "John Sage" <jsage@...chhaven.com> Please learn to quote. Keep smiling yanosz
Powered by blists - more mailing lists