The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Draft: Security Alert Announce#1 Debian/GNU Linux#



On Thu, 31 Oct 1996, Sven Rudolph wrote:
> 
> However it is easier for me to release a new package that is
> inherently more secure than to fix a package 

well, i might be kassandra, but how can you do this? i mean
"inherently more secure" isn't something which i would try
to say about any software with more then 100 lines and which
isn't verified useing mathematical methods, which i doubt
have been used.

at least you should tell us _why_ you _think_ that it is
more secure.

it's easier to close a door which is known and be sure that
this bug no longer exists then to take a different package
and be sure that it is "inherently more secure". sorry, but
for me it sounds rather ridiculous. it's far less often used 
so the security holes are more likely to have been overlooked 
up to now.

> (This wasn't the first lpr security problem ...)

which means that now it has a lot possible security
holes closed and secured.

> Currently I have one incompatibility that I couldn't solve: LPRng
> seems to behave slightly differently when driving output filters, this
> causes problems with netatalk.

and might break apsfilter or magicfilter? 
no good news for people who do not have a postscript printer.

jjm

ps: anyone here seem's to know which problems lpr causes. well,
i do not and i'm glad if anyone would enlight me. i just looked
at CIAC and havn't seen anything regarding lpr. now my proxie 
is down and i cannot reach CERT.

pps: is the rz problem solved by now? i know from the source
that it was there some weeks ago but should be fixed by now.
it should be included in the alert. see
   http://ciac.llnl.gov/ciac/bulletins/g-31.shtml
(which is also a good example of what a security alert should
include. don't let debian look bad!)

-- 
Juergen Menden                   | Disclaimer: The opinions expressed by me, 
tel:    +49 (89) 289 - 22387     +-----------+ are (usually) not the opinions 
e-mail: menden@informatik.tu-muenchen.de     | of anyone else on this planet.

Hi! I'm a .signature virus!  Add me to your .signature and join in the fun!

--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com