Re: service version disclosure

On 07.01.2012 07:52, Digimer wrote:
> On 01/07/2012 01:02 AM, Reindl Harald wrote:
>> On 07.01.2012 06:35, Digimer wrote:
>>>> if you have a big customer which hires a 3rd party auditor
>>>> you are NOT in the position to give such arguments or
>>>> you can give them but you can not change ANYTHING in
>>>> the fact that finally "fix it or shutdown the service"
>>>> is what you have to do
>>>
>>> If you have a "security expert" who can't grasp the concept of
>>> back-ported bug fixes, and is unwilling to test for specific
>>> vulnerabilities' existence, it's time to get a new expert.
>>
>> you are missing the point A BIG CUSTOMER has a security-expert
> 
> No, I'm not missing the point. You're asking for a wholesale change in
> how a program works so that you can have an easier time with an
> uneducated customer. Your job, as a consultant or IT support is not make
> sure that your solution is safe. Making your customer feel comfortable
> without actually giving them security is a bad idea.

i know about the pros and cons for obscurity

but i also know that from "SSH-2.0-OpenSSH_5.8" only "SSH-2.0"
is relevant for clients and having backports in mind this must
be the truth because if the whole version would matter all
LTS distributions would be broken by design




-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
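
The banner quoted in the message above follows the identification-string format of RFC 4253, section 4.2 (`SSH-protoversion-softwareversion SP comments CR LF`). As an added example that is not part of the original post, this parser splits a banner into those fields; the function names and every sample banner other than the quoted one are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
# softwareversion: printable US-ASCII except space and the minus sign.
_IDENT = re.compile(
    r"SSH-(?P<proto>[^-\s]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>[\x20-\x7e]*))?"
)
MAX_IDENT_LEN = 255  # RFC 4253 limit, CR LF included


class SshIdent(NamedTuple):
    protoversion: str
    softwareversion: str
    comments: Optional[str]


def parse_ident(line: bytes) -> SshIdent:
    """Split one identification line into its RFC 4253 fields."""
    if len(line) > MAX_IDENT_LEN:
        raise ValueError("identification string longer than 255 bytes")
    # Non-ASCII bytes raise UnicodeDecodeError, a ValueError subclass.
    text = line.decode("ascii").rstrip("\r\n")
    m = _IDENT.fullmatch(text)
    if m is None:
        raise ValueError("not an SSH identification string")
    return SshIdent(m["proto"], m["software"], m["comments"])


def speaks_ssh2(ident: SshIdent) -> bool:
    """True for protoversion 2.0, or 1.99 (a 2.0 server that also
    accepts older clients, per RFC 4253 section 5.1)."""
    return ident.protoversion in ("2.0", "1.99")


if __name__ == "__main__":
    samples = [
        b"SSH-2.0-OpenSSH_5.8\r\n",                  # quoted in the message
        b"SSH-2.0-Example_1.0 constructed note\r\n",  # constructed sample
        b"SSH-1.99-Example_1.0\r\n",                  # constructed sample
    ]
    for raw in samples:
        ident = parse_ident(raw)
        print(ident, "ssh2:", speaks_ssh2(ident))
```
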
