Among the security-patches listed on my laptop, this morning:
gnupg (1.4.9-3+lenny1) stable; urgency=low
I love it when there are security-fixes that I need for my security
software....
Though, really:
- It's better than the model wherein I need fixes that don't
  exist because the supplier reduces the `number of acknowledged
  issues' by... not acknowledging the issues.
- Not only do the upstream maintainers actually acknowledge the
  problems (which is the first step to actually addressing them),
  and fix problems, but there's also a community safeguard (e.g.:
  the Debian security team), vindicating that oft-cited benefit of
  using open systems:
  > Though you don't have to, you can just fix it yourself rather
  > than waiting for someone else to get around to it.
- The `security' problem is that GPG can be made to run slowly
  enough that a server supporting uploads can be DoS'd. That's
  actually not so bad, as far as things go.
To give the closed-systems guys the benefit of the doubt: maybe it's
not fair to expect them to acknowledge all of their flaws--maybe they
aren't even capable of knowing that the problems exist. Where is
Microsoft's public bug-reporting tool?