On Sun, 2007-11-04 at 01:23 +0100, Anders Johansson wrote: > On Sunday 04 November 2007 00:31:40 Aniruddha wrote: > > I would like to say goodbye. During an discussion on the Packman mailing > > list about the security policy of the Packman repo (see > > http://schiffbauer.net/pipermail/packman/2007-November/thread.html ) I > > realized openSUSE isn't what I looking for. To be honest this has also > > something to do with the rude manner in which my questions were > > answered. > > The rudeness aspect I can certainly agree with. There is hardly ever a reason > to be rude.
Even worse theses type of discussions tend to distract from the main argument thereby hampering any progress that could be made. > The security aspects however I can not. If you seriously believe that you can > get more security out of gentoo, you are seriously mistaken. That would be a conclusion. And I haven't reached a conclusion yet since I was to busy investigating and asking questions ;) > And if you are > really basing your own commercial for-pay service on an upstream gratis > volunteer service, you are a lawsuit waiting to happen > > You may trust gentoo, but what if something happens? No one has paid gentoo > anything, so why should they care? And even if they do care, they certainly > won't get out of bed at 2am to help you solve your problems > > If you are really serious about starting an IT company and selling service to > your customers, you need to either be prepared to provide that service > yourself, or contract with some other company to do that service for you. > Gratis is nice, but there really are no deadlines in open source Like I said earlier. An OS is to me is a tool, and I would like to use the best tool for the job. My main "tool" is Windows since 99% of my customers use that. Besides Windows I would like to offer an alternative. Since Linux in my opinion is also a tool I try to determine the best tool for each job. For one customer that can be openSUSE, another one SLED or Red Hat, etc. etc. That's why I asked all these questions, to help me determine which "tool" to use for which "job". > > And about your thread on packman, I hope you know that a "malicious change" > can be as simple as changing a buffer size check from 10 to 11, or changing > fgets to gets. No rootkit detector in the world will find that, but after > such a change, a malicious user can walk right in > > Anders Interesting point. I didn't know that. This change would create a buffer overflow attack right? -- Regards, Aniruddha Please adhere to the OpenSUSE_mailing_list_netiquette http://en.opensuse.org/OpenSUSE_mailing_list_netiquette -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
