| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43BDB9B8.5020405@linuxbox.org> Date: Fri Jan 6 00:40:45 2006 From: ge at linuxbox.org (Gadi Evron) Subject: Re: what we REALLY learned from WMF Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: > It's easy for us on this side to Monday morning quarterback and say "oh > make it so". There are times too that I go...okay ...come on ...how > many days has it taken for that to get fixed? But then again, I don't > write code, I don't track back dependencies, I don't ensure umpteem > languages still work and all the other interconnectivity between > programs and code still function. > > It's easy to say this stuff on this side.... but understand that the > mere release of a beta patch puts in jeopardy all of the consumer home > machines and small businesses that have no admin to protect them and > take mitigation measures. > > What "I" really learned from this is to decide my "OWN" risk tolerance > and stop listening to all the sites and blogs and news reports and what > not that spread a lot of FUD and misinformation and used this many times > as a PR vehicle. Only I know what risk I will tolerate. That's what I > learned from this. And only you can decide your own risk vs. gain. Question is though, as I agree with you about BETA patches (although you don't have to use them), is if RELEASE patches can be released a lot faster? This is what this case taught me. Gadi.
Powered by blists - more mailing lists