On Thursday 15 March 2007, Hartmut Meyer wrote:
Are you saying that only kernel security issues are relevant?
The next security advisory (from today) was about PHP ...
I'm afraid I just don't get what your talking about :-(
Yes, its becoming obvious. php and mozilla can be compiled and will run on a wide range of kernels. All of them are available in source code. You can easily run Suse 8.2, (out of maintenance for years now) which has a 2.4.something kernel, and have it connected to the net 24/7 as say a firewall router, mail server, database server, etc with only a very few ports open, and be as safe as running the most current kernel. Kernels do not become unsafe the minute suse walks away from them. Further, if you are not running Mozilla on the machine, or php, and just use it as a router, you might be safe for years and years. Even running a mail server on an old kernel you can be safe. You would do the due diligence of maintaining the software you were running, such as sendmail, or whatever, (compiling from source) to keep those portions up to date. What do you think is in those hardware routers everyone hides their Windows machines behind? Usually linux, or some slimmed down bsd. And those things usually NEVER get an upgrade. I am aware of government agencies running special purpose machines for data collection which run ancient old debian distros with one or two ports open for ssh and data transmission. They have never been hacked. -- _____________________________________ John Andersen