From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1KVtP2-00009l-EM for garchives@archives.gentoo.org; Wed, 20 Aug 2008 19:31:32 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7AC7DE04EC; Wed, 20 Aug 2008 19:31:31 +0000 (UTC) Received: from rv-out-0708.google.com (rv-out-0708.google.com [209.85.198.250]) by pigeon.gentoo.org (Postfix) with ESMTP id 4CE87E04EC for ; Wed, 20 Aug 2008 19:31:31 +0000 (UTC) Received: by rv-out-0708.google.com with SMTP id b17so519747rvf.46 for ; Wed, 20 Aug 2008 12:31:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=xFtTJGwwIFbbZ/yIiUGfGImlGeHL/q5b8ZVdmIeYcH0=; b=kAH11fj1bGdZX7SU2IbOZfXQAsBV8jL4/NKdqhcHBvCAMJHYcmZ6DuKld1tFtrHscD YZb4y/1lAEKtIicYm2I0gX/Cr6g/UQVm4Fgyx+aAATvO9nzKh3i8hfLYGRMlGwYodo9q hBkQu7ZDIZ+WbcVhvzqfdcvQXNzJHXVQ7yTPA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=v4z6D4BwSKbXoynwG0//m7Ve6aIt8ow3vSmZ9KbI/WkISXBsYUCP90gjVp9Ze75JAS Lk9TZ3vSVS4mnZrPcR+0vORqvgjuXJer/moC957UlP4ry1VMlWWkzlcQUHmhMudL0jNO 87a/RxgTriDmeMdmzv0qYPPaeN6jzTRIDCw9Q= Received: by 10.141.88.3 with SMTP id q3mr271097rvl.94.1219260690603; Wed, 20 Aug 2008 12:31:30 -0700 (PDT) Received: by 10.140.158.10 with HTTP; Wed, 20 Aug 2008 12:31:30 -0700 (PDT) Message-ID: <4255c2570808201231k360aec7cs6ef19206a62dd095@mail.gmail.com> Date: Wed, 20 Aug 2008 13:31:30 -0600 From: RB To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] Updates: a way too simplified security question I am asking anyway In-Reply-To: <200808202114.57420.janklodvan@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <1217603370.1820.242.camel@liasis.inforead.com> <200808201454.37350.janklodvan@gmail.com> <1219247184.19388.58.camel@nc.nor.wtbts.org> <200808202114.57420.janklodvan@gmail.com> X-Archives-Salt: 93b20c9e-48d5-4ee9-8fb1-98c8781d826b X-Archives-Hash: 8a90e9fb8ec6682ca6355ef65c743e6b On Wed, Aug 20, 2008 at 12:14 PM, Jan Klod wrote: I'm not going to address each of the fallacies I see in your statements, but you have an exceedingly idealistic view of software development and particular OS' perceived security. [Insert project here] may have a slogan, but the developers are still human and thus still make mistakes and are inherently lazy. Short of being powered by unicorn farts, there is no way any reasonably complex system can approach that ideal. In regard to your philosophy of updates, do you build a wall and not defend it? Do you plant a garden and not water it? In the same light, no system can be "permanently" secured. Safes are rated by the amount of time it would take a dedicated, skilled cracker to open it; none are ever deemed uncrackable. If you want more time, you purchase [or build] one that better matches your needs. System security is no different. RB