vulnerability of Linux
John Summerfied
debian at herakles.homelinux.org
Tue Nov 29 06:13:23 UTC 2005
Les Mikesell wrote:
> On Mon, 2005-11-28 at 18:31, Mike McCarty wrote:
>
>>>Why is it safer to update 10 packages once a month than 0.33 packages
>>>every day?
>
>
>>Because packages sometimes get retracted. I like to let them
>>soak for a while before installation. And I don't install 10
>>a month. Usually, only two or three get updated. Also, when
>>I update, I *look* at what is being updated, and I don't always
>>accept everything there.
>
>
> Can you give some examples of where you have known better
> by "looking" at the updates than the developers who wrote
> them about whether you are safer without them?
>
If there's a kernel update fixing a security problem only exploitable
with local access, and I control the only account with local access,
then I don't need it.
If there's a kernel update fixing a SATA problem, I don't need it.
If there's an Xorg update fixing an nVidia problem, I don't need it.
If there's an update affecting OOo, I probably don't need it unless
someone complains.
I've just looked at the kernel changelog for kernel-2.6.10-1.760_dl3.
The only change in it I need is one I made.
Examples of kernel fixes I don't want:
- Enable advansys scsi module on x86. (#141004)
- Reintegrate Tux. (#144812)
- Reintegrate netdump/netconsole. (#144068)
- Reenable CONFIG_PARIDE (#127333)
- Add another Lexar card reader to the whitelist. (#143600)
- Package asm-m68k for asm-ppc includes. (don't ask). (#144604)
- Drop 4g/4g patch completely.
- Fix bio error propagation.
- Clear ebp on sysenter return.
- Extra debugging info on OOM kill.
- exit() race fix.
- Fix refcounting order in sd/sr, fixing cable pulls on USB storage.
- IGMP source filter fixes.
- Fix ext2/3 leak on umount.
- fix missing wakeup in ipc/sem
Most, if fact.
--
Cheers
John
-- spambait
1aaaaaaa at computerdatasafe.com.au Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
More information about the users
mailing list