vulnerability of Linux

John Summerfied debian at herakles.homelinux.org
Tue Nov 29 06:13:23 UTC 2005


Les Mikesell wrote:
> On Mon, 2005-11-28 at 18:31, Mike McCarty wrote:
> 
>>>Why is it safer to update 10 packages once a month than 0.33 packages
>>>every day?
> 
> 
>>Because packages sometimes get retracted. I like to let them
>>soak for a while before installation. And I don't install 10
>>a month. Usually, only two or three get updated. Also, when
>>I update, I *look* at what is being updated, and I don't always
>>accept everything there.
> 
> 
> Can you give some examples of where you have known better
> by "looking" at the updates than the developers who wrote
> them about whether you are safer without them?
> 

If there's a kernel update fixing a security problem only exploitable 
with local access, and I control the only account with local access, 
then I don't need it.

If there's a kernel update fixing a SATA problem, I don't need it.

If there's an Xorg update fixing an nVidia problem, I don't need it.

If there's an update affecting OOo, I probably don't need it unless 
someone complains.

I've just looked at the kernel changelog for kernel-2.6.10-1.760_dl3. 
The only change in it I need is one I made.

Examples of kernel fixes I don't want:
- Enable advansys scsi module on x86. (#141004)
- Reintegrate Tux. (#144812)
- Reintegrate netdump/netconsole. (#144068)
- Reenable CONFIG_PARIDE (#127333)
- Add another Lexar card reader to the whitelist. (#143600)
- Package asm-m68k for asm-ppc includes. (don't ask). (#144604)
- Drop 4g/4g patch completely.
- Fix bio error propagation.
- Clear ebp on sysenter return.
- Extra debugging info on OOM kill.
- exit() race fix.
- Fix refcounting order in sd/sr, fixing cable pulls on USB storage.
- IGMP source filter fixes.
- Fix ext2/3 leak on umount.
- fix missing wakeup in ipc/sem


Most, in fact.



-- 

Cheers
John

-- spambait
1aaaaaaa at computerdatasafe.com.au  Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list



