Jarry wrote:
> As I said previously: fixing errors later is my problem. But if I do
> not close some security leak, it would then be a problem for me and maybe
> someone else too. There are too many unpatched and vulnerable computers
> on the net, I did not want to contribute to it...
> But there is definitely something in what you are saying. Maybe I will
> think it over again...

Your assumption works if your only line of defense is the software
itself. This is why your smart security book recommends a layered
defense such as a firewall, system ACLs or capabilities, dropping
privileges, chrooting services, configurations done with security in
mind, SELinux, stack protection, etc. Ideally you'd be able to schedule
an update in the window of your choosing because your other defenses are
in place protecting you until you can update your software in a
controlled sensible way without downtime. It's not always the case, but
the odds are much more in your favor in this scenario.
kashani
--
gentoo-user@gentoo.org mailing list