
Credit where credit due

Posted Feb 26, 2004 4:14 UTC (Thu) by ncm (subscriber, #165)
Parent article: The trouble with backporting fixes

I believe it has always been OpenBSD's position that all bugs are security holes until proven otherwise. It's no fun seeing proof.

Running newer versions is no panacea. New features are fertile ground for un-reported and un-analyzed bugs, readily discovered by inspection. It may be that critically-exposed software should be released in a form in which new features can be ifdef'd out until after they have been vetted thoroughly.


Credit where credit due

Posted Feb 26, 2004 11:13 UTC (Thu) by khim (subscriber, #9252)

Running newer versions is no panacea.

Most big projects have two versions anyway: stable and development (untested, beta, etc). Vendors should stick to the stable version and try to avoid creating a "super-stable" version by backporting only security bugs. The reason is simple: almost no one (except very few maintainers and black hats) will look at this version. That's all.
