Posted Jun 26, 2007 4:01 UTC (Tue) by njs
In reply to: Minimizing packages
Parent article: Counting vulnerabilities
I know, but that's not very relevant to what I'm talking about. The issue I'm pointing out is that your particular set of programs each compiled with your particular quirky set of USE flags might have some novel security bug that no-one else noticed. Code that lots of people use tends to be well tested and highly scrutinized; weird and rarely used #ifdef'ed code tends to be just the opposite. This thread is advocating using more of the latter sort of code, and thus might actually increase security exposure. Running that same rarely used code across 10 boxes instead of 1 won't affect how much scrutiny it gets; you need lots of people in lots of different situations to get that.
It's hard to know whether this extra risk is important or just theoretical, though, hence my curiosity about quantifying it...