Shuttleworth: Not convinced by rolling releases


Posted Mar 10, 2013 8:32 UTC (Sun) by Cyberax (✭ supporter ✭, #52523)
In reply to: Shuttleworth: Not convinced by rolling releases by HenrikH
Parent article: Shuttleworth: Not convinced by rolling releases

I used to think like that a couple of years ago.

However, the amount of apps hacking through vulnerable bundled libraries is fairly small. Sometimes an attacker might get lucky with the "perfect storm" like the gdiplus vulnerability in Windows. But most of the time, inhomogeneity plays against the attacker in this case - it's hard to write an exploit that would work against several slightly different versions of libraries.

Then there's the question of the applications themselves. I think we all can assume that stuff like Word or OpenOffice is probably riddled with undiscovered security holes. Never mind less popular software like Okular or Krita.

So IMO it's better to treat ALL applications as possibly hostile and contain them in various sandboxes as much as possible.

