-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2008-07-14 at 09:43 -0400, James Knott wrote:
The patches for the recent DNS security problem were prepared in secret by all distros and OSes. The hole itself has not been publicly explained, as far as I know.
That's a good sample of security by secrecy...
Not quite. They simply didn't announce how that problem could be exploited. The source code and fix will be publicly available.
The analysis of the exploitation has not been made public; and the fact of the possible exploitation was kept secret till all distros had prepared their respective patches, which were then published the same day. It certainly has not been managed in the open. The details will be published, if I didn't misunderstood, at a conference in August. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIe26KtTMYHG2NR9URAmPrAJ9sMsSZTMBSy0UQha9wfYNX3DazZQCfd8h2 nAMK21KrUse76A2qepFB2dY= =Or4u -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org