From: Arturo 'Buanzo' Busleiman
Date: Wed, 01 Oct 2008 12:10:11 -0300
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] Server Packages for Gentoo
Message-ID: <48E392D3.5020601@buanzo.com.ar>
In-Reply-To: <315780.7534.qm@web65406.mail.ac4.yahoo.com>

BRM wrote:
> A "static package" is never for "security reasons". It's for "administration" reasons.
> Please don't confuse the two.

I deeply agree!

> If someone was truly looking at the "security reasons", then they would try to stick with newer software - especially in the F/OSS world - since it nearly always fixes the older security issues (or at worst propagates them), usually gets the fixes faster, and even though it might introduce new issues, those issues are likely unknown to any.

I'd like to add that the policy of using old, "verified", secure software is relatively flawed, as every day we find methods to exploit coding vulnerabilities that were previously thought of as "un-exploitable"...

-- 
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net