Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Sunday 2008-07-13 at 23:26 -0700, John Andersen wrote:
On Sun, Jul 13, 2008 at 9:26 PM, Rajko M.
wrote: [1] Security trough obscurity is often criticized as bad practice, but actually it is the only way security can work.
Simply not true. Just because you don't have all pieces to the puzzle does not mean that the security is provided by obscurity.
The patches for the recent DNS security problem were prepared in secret by all distros and OSes. The hole itself has not been publicly explained, as far as I know.
That's a good sample of security by secrecy...
Not quite. They simply didn't announce how that problem could be exploited. The source code and fix will be publicly available. -- Use OpenOffice.org http://www.openoffice.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org