On Fri, 27 Feb 2004, Leonard den Ottolander wrote: >> Aside from rejecting SElinux merely due to conspiracy theories >> alone, what would be your suggestion to ensure that this is not >> the case? > >I am not rejecting anything, just inquiring. And I am not very in to >conspiracy theories, but the source of this patch is an intelligence >agency, right? Right. >I have no suggestions apart from the code being minutely scrutinized by >people who know how to do that. It's been scrutinized fairly heavily from what I understand. One of the beautiful things about open source is that anyone can scrutinize the source, so it is much more likely to have any security holes found and fixed in it. That's irrespective of wether they would be planted or accidental of course. >> You did upgrade X to the latest version right? ;o) > >I was the one that somewhat prematurely polled you about it in >bugzilla. (Sorry for that, it's just some developers are not as >responsive and fast with releasing security updates as others. No problem at all. It's always a good thing when people report security vulnerabilities to us, even if we're aware of them already, because an external person doesn't necessarily have a way to pre-determine wether we're aware of a given issue yet or not. Also, if it is public, and we've not released erratum yet, it's to be expected that someone is likely to report the issue to us, and that's always welcome too. ;o) Take care, TTYL -- Mike A. Harris ftp://people.redhat.com/mharris OS Systems Engineer - XFree86 maintainer - Red Hat
