Expanding the list of "Hardened Packages"
Miloslav Trmač
mitr at volny.cz
Mon Apr 15 16:48:32 UTC 2013
On Sat, Apr 13, 2013 at 7:51 PM, Reindl Harald <h.reindl at thelounge.net>wrote:
> which raises the question again:
>
> would it be not the better way to build the whole distribution hardened
> by expierience that nearly anything is exploitable over the long and
> performance comes after security
>
The logical conclusion from this is to move to a language with automatic
memory management. The "top vulnerability" reports for programs written in
C/C++ and most other languages so different that starting a new project
that processes untrusted data in C/C++ is becoming indefensible.
We seem to be stuck with C as the lowest common denominator that can be
used from any runtime; long-term we _need_ to move away from that, or Linux
will gain the reputation of least-secure OS around.
Now, what to move to? I currently don't have see any language/runtime I
could recommend, which is in itself rather frightening.
Mirek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130415/d8b3ca38/attachment.html>
More information about the devel
mailing list