Re: The Myth of Open Source Security

2000-06-15 Thread Adam Morrison
> AM>> Because they fixed so MANY holes, it isn't practical. > > What isn't practical, sending CC of CVS diff fixing the hole to > maintainer of the tool? Or to bugtrack? Or publishing it on some page? If you seriously think that, then you don't have a clue as to the extent of the work the Open

Re: The Myth of Open Source Security

2000-06-13 Thread Stanislav Malyshev a.k.a Frodo
AM>> Because they fixed so MANY holes, it isn't practical. What isn't practical, sending CC of CVS diff fixing the hole to maintainer of the tool? Or to bugtrack? Or publishing it on some page? Gimme break. -- [EMAIL PROTECTED] \/ There shall be counsels taken Stanislav Malyshev /\ S

Re: The Myth of Open Source Security

2000-06-13 Thread Adam Morrison
"Stanislav Malyshev a.k.a Frodo" wrote: > What I don't like in OpenBSD is when someone discovers security hole they > pop up and say "we've fixed it yet back in 1997". So why didn't you share > it? Just to keep the claim of "most secure OS" or just because they don't > care? Because they fixed s

Re: The Myth of Open Source Security

2000-06-11 Thread Ira Abramov
On Sun, 11 Jun 2000, Omer Mussaev wrote: > > What I don't like in OpenBSD is when someone discovers security hole they > mainly because they do want to _produce the most secure OS_ and not to > _have people use the most secure OS they produce_, IMHO. make the most secure OS on the planet, then

Re: The Myth of Open Source Security

2000-06-11 Thread Omer Mussaev
"Stanislav Malyshev a.k.a Frodo" wrote: > RS>> Try out OpenBSD for size > RS>> (they claim Three years without a remote hole in the default install! Two > RS>> years without a localhost hole in the default install!) > > What I don't like in OpenBSD is when someo

RE: The Myth of Open Source Security

2000-06-10 Thread Stanislav Malyshev a.k.a Frodo
RS>> Try out OpenBSD for size RS>> (they claim Three years without a remote hole in the default install! Two RS>> years without a localhost hole in the default install!) What I don't like in OpenBSD is when someone discovers security hole they pop up and say "we

RE: The Myth of Open Source Security

2000-06-09 Thread Rafi Sadowsky
On Thu, 1 Jun 2000, Chen Shapira wrote: > > For the sake of discussion, here is an interesting article on > > Open source security. > > > > http://developer.earthweb.com/journal/techfocus/052600_security.html > > Too bad he doesn't discuss the most important thing: time laps between the > mom

RE: The Myth of Open Source Security

2000-06-01 Thread Moshe Zadka
On Thu, 1 Jun 2000, Chen Shapira wrote: Slight correction: > Too bad he doesn't discuss the most important thing: time laps between the > moment the security problem is found and the moment a fix is released. > (define these loosly: fixed means a patch apears on redhat site, and found > means an

Re: The Myth of Open Source Security

2000-06-01 Thread Stanislav Malyshev a.k.a Frodo
SR>> For the sake of discussion, here is an interesting article on SR>> Open source security. Well, I guess all those articles just say one thing people should know from start: "There's no silver bullet". Like, no, Open Source is not silver bullet either. -- [EMAIL PROTECTED] \/ There sh

RE: The Myth of Open Source Security

2000-06-01 Thread Chen Shapira
> For the sake of discussion, here is an interesting article on > Open source security. > > http://developer.earthweb.com/journal/techfocus/052600_security.html Too bad he doesn't discuss the most important thing: time laps between the moment the security problem is found and the moment a fix i