On Thu, 26 May 2005, Roberto C. Sanchez wrote:

> On Thu, May 26, 2005 at 06:41:18PM -0700, Alvin Oga wrote:
> >
> > > > CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
> > > > - kernel-source-2.6.11 2.6.11 2.6.11-4
> > > > - kernel-source-2.6.8 2.6.8-16
> > > > - kernel-source-2.4.27 2.4.27-10
> >
> > always use the latest kernel ... from kernel.org ...
> >
> > and similarly with other important binaries from their
> > respective originating site
> > mta, apache, kernel, glib, make/gcc, bash, endless list
> >
>
> Sorry, but that is horrible advice. For every app you get directly from
> upstream, you become directly responsible for supporting security
> issues. I understand that even if you use the Debian packages, you are
> still ultimately responsible. Not only that, but the Debian Security
> Team does an excellent job given the resources and situation. Woody has
> versions of software that were no longer supported upstream when Woody
> shipped. That makes security support really difficult, but that doesn't
> mean that someone should run out and install everything from source.
> That sort of defeats the purpose of a distro.

sounds like all the same identical arguments can also be used for
using the originating sources instead of *.deb

and the lag time between patches is up to the debian security team
or *you/me* ...

one's preferences to depend on *.debs should NOT make it better
or worse than using *.tgz files released from the original sources

i prefer to have tighter and finer controls than depend on old packages
and as the original poster noted ... the original problem he had has
been fixed by the latest/greatest kernel ( *.30 ) which has been out
for almost 2 months
( 2 months to wait for updates and security patches is too long for me )

c ya
alvin

