Mailinglist Archive: opensuse-security (195 mails)

Re: [suse-security] SuSE Security Announcement - make-3.77
  • From: John Grant <jmgrant@xxxxxxxxxxxx>
  • Date: Tue, 07 Mar 2000 02:38:44 -0800 (PST)
  • Message-id: <200003071038.CAA16523@xxxxxxxxxxxxxxxxx>
Petri Sirkkala. said:
>
>
> On Mon, 6 Mar 2000, Yasholomew Yashinski wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
[snip]
> > So I tell you that you should use qmail because the latest sendmail is
> > crackable. Is this true, or am I just spreading FUD? An exploit allows
> > admins to try it on their systems.
>
> I don't care if it is a FUD or not. I only react to those mails
> originating from SuSE or the real vendors of the programs. These are of
> course the parties that need the exploits to verify the bug, and then
> send the _official_ security issues.

Getting too dependent on SuSE would be Bad. Not that I don't appreciate their
efforts to fix problems, or that they don't do a good job of it. I do, and
from what I've seen they do.

but

What if SuSE got bought by Bill Gates, who then said "SuSE is the BEST, MOST
SECURE Linux dist EVER, and always will be! Send me your $$$." So the week
after, sendmail gets hacked. But BG says, "We already fixed that in MY dist!
We're the best! Send me more $$$!"

So, how do you tell if you're _really_ hackable or not? How long should you
have to wait to find out? If I'm responsible for the security of my system, I
want to know _now_, both so I can fix the problem in a timely manner and so I
can tell if ol' Bill is lying to me so I can take my business elsewhere.

-John

