On Wed, May 14, 2003 at 11:53:31PM +0300, Chris Leishman wrote: > Then people can bitch and moan about package X not being available and > can do something to fix it (eg. finally start doing security updates > for testing). Or they can just put up with it. But either way, their > box wont be a honey pot.
Removing a package from the archive is not very useful as a security measure. Most users who want the package will already have it installed, and it is those users who are most exposed. It's not unusual for a vulnerability to exist for a long time before it is discovered, during which time a large number of users will have installed it. -- - mdz