[OT] Are security updates necessary?

Bill Davidsen davidsen at tmr.com
Thu Jun 26 15:10:02 UTC 2008


Mike Bird wrote:
> On Sun June 15 2008 17:50:16 Arthur Pemberton wrote:
>> On Sun, Jun 15, 2008 at 7:09 PM, Bill Davidsen <davidsen at tmr.com> wrote:
>>> The problem is that "use your machine" for most people is not limited to
>>> playing solitaire on a machine without network connections.
>> Buy a router? Use the software firewall?
> 
> Neither protects against security holes in web browsers,
> mail clients, word processors, etc.  Any web page you
> visit, any email you read, any image you view, any
> document you read ... could contain malformed data
> trying to exploit buffer overflow or other security bugs.
> 
In a review of OpenSuSE 11 one reviewer praised using the 3.5 KDE parts 
to provide functionality. I have the impression from what he said that 
their KDE is mostly 4 with a helping of 3.5 to provide working versions 
of some things which aren't properly functional in 4.x.

Either they're more trusting than Fedora, or less concerned with being 
bleeding edge vs. functional, or just less influenced by KDE folks to 
get the new stuff out there.

As for security, CentOS-5.2 (and the underlying RHEL) use KDE 3.5, so I 
assume that there is a security enhanced 3.5 available for Fedora if the 
decision were made on technical capability, rather than some goal to 
have the latest stuff, be it functional for users or not. So either you 
are saying that the KDE in RHEL is insecure, or that Fedora chose not to 
provide the previous functionality for users, even though you have an 
enterprise 3.5 in-house.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot




More information about the fedora-list mailing list