The Adventures of Joshua Judson Rosen
(action man)



Sun, 28 Jun 2009

11:39: Meta-Security

Among the security-patches listed on my laptop, this morning:

gnupg (1.4.9-3+lenny1) stable; urgency=low

I love it when there are security-fixes that I need for my security software....

Though, really:

  • It's better than the model wherein I need fixes that don't exist because the supplier reduces the `number of acknowledged issues' by... not acknowledging the issues.

  • Not only do the upstream maintainers actually acknowledge the problems (which is the first step to actually addressing them), and fix problems, but there's also a community safeguard (e.g.: the Debian security team), vindicating that oft-cited benefit of using open systems:

    > Though you don't have to, you can just fix it yourself rather
    > than waiting for someone else to get around to it.

  • The `security' problem is that GPG can be made to run slowly enough that a server supporting uploads can be DoS'd. That's actually not so bad, as far as things go.

To give the closed-systems guys the benefit of the doubt: maybe it's not fair to expect them to acknowledge all of their flaws--maybe they aren't even capable of knowing that the problems exist. Where is Microsoft's public bug-reporting tool?
