On Thu, May 22, 2003 at 09:41:05AM -0500, yonaton@tds.net wrote:
Hi ya gang,
I'm in a kinda heated discussion with someone in another NG about the MySQL vulnerability. He's saying that up to and including the version in SuSE 8.2 (3.23.55 -14) is still the vulnerable version(s). He's put up some URLs that show it's only a *candidate* (at least that's how I read it), but not fully acknowledged yet as 'vulnerable'. So if anyone here knows better, *is* the version in 8.2 vulnerable?
Probably. I don't have a definitive answer.
Also, he's saying that the 'kernel vulnerability' in 2.4.20 will affect *all* linux distros that use it. I say that by each distro doing its own 'patching' of kernels doesn't necessarily mean it's 'vulnerable' in *every* distro. I'm probably and will easily admit it, but I figured I'd find out from other sources (you guys) first, since I don't want to take the word of one person only...him. My argument is, that since I've not seen or heard of either of these vulnerabilities in SuSE 8.2, and that if they *were* affecting 8.2, SuSE is *very fast* to make the announcements along with workarounds and/or a patch or updated rpm of <whatever>.
Which kernel vulnerability? This one? http://lists2.suse.com/archive/suse-security-announce/2003-Mar/0011.html If it is, you'll see that 8.2 isn't vulnerable. Some distros may have patched 2.4.20 to fix the vulnerability. Some may have added their own patch for something else, and fixed it by accident (although this is less likely).
One last thing (it's an argument covering a lot of areas, heh), he's also saying that SuSE is 'meager' in its support of applications. He says Debian supports 8000 apps to SuSE's 2000...is this true also? He said 8000 are on the Debian CDs, I argued, that though there may not be 8000 on the SuSE CDs/DVDs, that doesn't mean the apps won't work in SuSE, that he's just using a poor argument to say how Debian is 'better' overall (I personally don't think any one distro of Linux is 'better' or 'worse' than another, because it's *all* Linux, but this guy's started to put down SuSE with a lot of unfounded garbage and I stepped up to defend the 'unfounded' part, not just SuSE).
Number of applications is a pointless argument. If it works on Debian, it'll probably work on SuSE; if not, then a bit of tinkering will probably make it work. SuSE is very good in terms of the number of apps distributed. Anyway, what do you call an 'application'? You can massage figures to tell you anything you want.
So...am I really way off base and throwing mud in my own face with my arguments against this guy?
Possibly. Possibly not.
Opinions anyone?
Don't bother. He's obviously a Debian evangelist. You're not going to change his mind. Let him use Debian. At least he's not using Windows. You're happy with what you're using (I hope). Keep using it. Don't waste your time arguing; do something more productive. On that note...

--
David Smith          Work Email: Dave.Smith@st.com
STMicroelectronics   Home Email: David.Smith@ds-electronics.co.uk
Bristol, England     GPG Key: 0xF13192F2