On 09/03/2011 03:55 PM, David wrote: > On 9/3/2011 6:29 PM, NoOp wrote: >> On 09/03/2011 02:57 PM, David wrote: >> ... >>> >>> What 'bothers' me about this is the smug that do not accept that this is >>> a real threat to us all. Which was my point. No one is 'bullet proof'. >> >> Not even kernel.org: > > <snip> > > I saw that. Did you see just how long it took to find the attack? ...
Yes, of course I did. But also note that it appears that entry may have been made by a compromised user credential & that were/are being taken. Imagine how long it would take to find an outdated JRE attack when using insecure versions of Java? Which is of course the issue in this thread. Anyway I'm out of this thread as I think that sufficient warnings/discussion regarding using old versions of JRE have been made. My recommendation, given the above & all the other warnings by other contributors in this thead, is to use the latest security patched versions of whatever application/OS is in use. IMO anyone that uses software that has known security vulnerabilities does so at their own risk. If Base users are experiencing speed issues due to Java versions, file a bug (both on LO bugzilla and with Oracle) - that is the *only* way that I know of resolving the issue. Hosting old insecure versions of code isn't (IMO) the answer, and continued promotion for using such on this list is (again IMO) simply irresponsible and wrong. -- For unsubscribe instructions e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
