Date: Mon, 20 Jul 1998 17:08:05 -0600 From: Brett Glass <brett@lariat.org> To: patl@phoenix.volant.org Cc: security@FreeBSD.ORG Subject: Re: Automatic updates Was: Why is there no info on the QPOPPER hack? Message-ID: <199807202308.RAA26536@lariat.lariat.org> In-Reply-To: <ML-3.3.900961487.7363.patl@asimov> References: <199807201740.LAA20525@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
It need not be a hole, so long as it is cryptographically secure. One could even configure it so that it takes several long keys held by different parties to activate. I can envision a very safe trust infrastructure for this, with far less probability of intrusion than via the code it replaced. Microsoft is getting flack about their mechanism because it is involuntary and gathers data on users surreptitiously. Third party mechanisms, such as Symantec's automatic update and Cybermedia's Oil Change, are well accepted. --Brett At 12:04 PM 7/20/98 -0700, patl@phoenix.volant.org wrote: >> At 11:28 AM 7/20/98 -0500, you wrote: >> >> >You don't expect all of your software to automaticly upgrade for you, do >> >you? >> >> That's a darn good idea. Several Windows apps do this already. Why not >> the FreeBSD ports? > >You obviously haven't seen any of the flack Micro$oft is getting >about this 'feature'. Most third parties are recommending turning >it off. (The biggest problem seems to be that it doesn't track >enough of the system config info to make sure the updated version >is actually compatible with the rest of the system.) > > >Also, can you say 'major security hole'? Sure you can. > > > >-Pat > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807202308.RAA26536>