Carlos E. R. wrote:
The Friday 2008-07-18 at 01:11 -0400, John E. Perry wrote:
Carlos E. R. wrote:
... Nevertheless, what I said is absolutely true: the recent patches
DNS security problem have been prepared in secret. It was a secret
for the there
were a security problem and that they were preparing a solution, and it was released simultaneously by all distributions on the same day. Till everyone was prepared, the kept silence.
Splitting that particular set of hairs makes no difference to me; I stand firmly by all my comments.
So do I :-)
It is a fact that secrecy is sometimes used for security in Linux. Temporarily at least.
-- Cheers, Carlos E. R.
You seem to be missing the entire point. "Security through obscurity" means never revealing how something works, in the hopes that someone won't look through the source code, in order to find a way in. It does not mean keeping a known flaw secret, while working on a fix. If they were to publicly reveal the flaw, before the fix was available, it'd be the same as putting a sign on your house "The back door lock is busted. Please go around back to break in". On the other hand, security in open source software means the mechanism is open for all to inspect and the strength depends on doing things properly, instead of hoping no one notices the flaws. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org