From: Stephen Hemminger <[email protected]> Date: Mon, 22 Nov 2010 20:31:31 -0800
> On Tue, 23 Nov 2010 03:51:53 +0000 > Ben Hutchings <[email protected]> wrote: > >> Recent review has revealed several bugs in obscure protocol >> implementations that can be exploited by local users for denial of >> service or privilege escalation. >> >> The decnet protocol (PF_DECnet) is unmaintained. Since 2.6.12-rc2 the >> only changes appear to be adjustments for net API changes and fixes >> for bugs found by inspection. >> >> This protocol generally should not be enabled by distributions, since >> the cost of a security flaw affecting all installed systems presumably >> outweighs the benefit to the few (if any) legitimate users. >> >> Signed-off-by: Ben Hutchings <[email protected]> > > NAK there are still users and stuff does get fixed. > If you don't like it then disable it from config. Seriously, I can't even remember a bonifides security flaw in decnet being found recently and in fact the decnet stack is very well written code. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
