Date: Sat, 23 Nov 2002 03:24:31 +0100 From: "Anthony Atkielski" <anthony@freebie.atkielski.com> To: "FreeBSD Chat" <freebsd-chat@freebsd.org> Subject: Re: Re[2]: FreeBSD: Server or Desktop OS? Message-ID: <014901c29297$74dc8040$0a00000a@atkielski.com> References: <20021116232242.S23359-100000@hub.org> <04f801c28e20$0a3665b0$0a00000a@atkielski.com> <10525754683.20021123004206@dds.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Alex writes: > This policy doesn't help against security bugs. You can apply patches to correct security bugs, or you can configure your system so that bugs are not relevant for your application. > Only a couple of development tries are (officially) > supported. All a cracker would have to do is read > the bug warnings and use a good one to gain access to > you system. Most security bugs are never exploited. Whether or not one fixes every single bug is a matter of judgement; it may not be risk- or cost-justified to fix a security bug if it means upgrading or replacing the entire operating system. Additionally, if bugs are very numerous, it might be worthwhile to consider changing vendors. > I feel that a good production server should not > be CURRENT or STABLE but the latest RELEASE on > the STABLE tree, unless you got a good reason not to. Having to upgrade 8000 of them at once is often a good reason not to. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?014901c29297$74dc8040$0a00000a>