Re: Alas and alack.

2003-01-28 Thread Brian Masinick
Scott Dier - dieman wrote:


[you in this article refers to all administrators everywhere, not the
original poster, please don't take it personally]

On Tue, 28 Jan 2003, alex wrote:

 

Has the Linux security bubble burst?
   


Without reading the article, and at the risk of making myself look foolish
with cross posting to a gaggle of lists.

What security bubble?

Oh, never mind, reading the first paragraph it's some "Security Expert"
making sure that they can make some copy.  I'm pretty impressed by these
sorts of articles that assume that systems administrators aren't rooted in
'reality'.  That every one of us is some sort of zealot just trying to get
Linux into places with empty promises of 'it's more secure' and 'they fix
bugs faster'.

Use the software with the best merits.  If your merits happen to include
that it's non-proprietary, don't fool yourself (nor your employer) into
some game of 'it's more secure'.  Don't misrepresent the work that you do.

I don't think we would be seeing these articles if there wasn't some form
of zealotry going on to mislead upper management.  Please 'sell' the merits
of the software on the merits.

However, one point I do see, about security fixes in decent time from
source to distribution form seems to focus on product life cycle rather
than true experience and actual facts.  I would love to see a comparison
of distributions that shows how dedicated many of the Linux distributions
are at distributing stable and secure fixes to users in a timely fashion.


I believe that just about everyone is taking security more seriously 
than they did three or four years ago, but not everyone has the 
processes and procedures in place to deal with issues in a timely and 
effective manner.  The Debian resources, which you've included in your 
posting, do seem to be quite serious about dealing with security issues, 
and that is nothing new for them, so there have always been mechanisms 
in place for evaluating product security and resolving urgent issues 
when they are discovered.

No system, however, is completely foolproof.  Even Microsoft issued a 
bunch of security patches as long as six months ago, but only during the 
past week or so, we've heard complaints about systems being overrun with 
worms and viruses that should have been confinable, but weren't because 
administrators failed to keep their systems up to date.

I'm a big Linux fan because of usability, extensibility, flexibility, 
and security issues.  I believe that the different mechanisms available 
with GNU software, especially the Debian GNU/Linux way, lend themselves 
well to dealing with these issues.  But not even Debian can deal with 
systems that are improperly managed.  Apparently some people still don't 
take software maintenance seriously.  Self-managed systems can help 
some, but it still takes involvement from people, and that will always 
be the bottom line as far as I am concerned.

--
Brian Masinick
mailto:[EMAIL PROTECTED]





--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Alas and alack.

2003-01-28 Thread Brian Masinick
Scott Dier - dieman wrote:


On Tue, 28 Jan 2003, Brian Masinick wrote:

 

take software maintenance seriously.  Self managed systems can help
some, but it still takes involvement from people, and that will always
be the bottom line as far as I am concerned.
   


The argument was that source code patches aren't being distributed to
users fast enough, not that users avoid having to maintain their systems.


That may have been the argument in the article, but my argument stands. 
I think the greater problem is that systems aren't uniformly managed. 
Some are managed with great caution, research, and expertise, and 
others are not handled very well at all.  I'd argue that the Debian 
approach DOES make updates available about as well as it can be done 
(with reliable, tested fixes, not just some quick, ugly hacks).  Other 
systems may have good methods, too, and a few may not have very good 
mechanisms at all.  I still say the majority of problems come from 
improperly maintained systems, not poor distribution.

--
Brian Masinick
mailto:[EMAIL PROTECTED]




