LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Credit where credit due

Credit where credit due

Posted Feb 26, 2004 4:14 UTC (Thu) by ncm (subscriber, #165)
Parent article: The trouble with backporting fixes

I believe it has always been OpenBSD's position that all bugs are security holes until proven otherwise. It's no fun seeing proof.

Running newer versions is no panacea. New features are fertile ground for un-reported and un-analyzed bugs, readily discovered by inspection. It may be that critically-exposed software should be released in a form in which new features can be ifdef'd out until after they have been vetted thoroughly.

(Log in to post comments)

Credit where credit due

Posted Feb 26, 2004 11:13 UTC (Thu) by khim (subscriber, #9252) [Link]

Running newer versions is no panacea.

Most big projects have two versions anyway: stable and development (untested, beta, etc). Vendors should stick to stable version and try to avoid creation of "super-stable" version by backporting only security bugs. Reason is simple: almost noone (except very few maintainers and black hats) will look on this version. That's all.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds