On 01/07/2012 01:59 AM, Reindl Harald wrote:
>
>
> On 07.01.2012 07:52, Digimer wrote:
>> On 01/07/2012 01:02 AM, Reindl Harald wrote:
>>> On 07.01.2012 06:35, Digimer wrote:
>>>>> if you have a big customer which hires a 3rd party auditor
>>>>> you are NOT in the position to give such arguments or
>>>>> you can give them but you can not change ANYTHING in
>>>>> the fact that finally "fix it or shutdown the service"
>>>>> is what you have to do
>>>>
>>>> If you have a "security expert" who can't grasp the concept of
>>>> back-ported bug fixes, and is unwilling to test for specific
>>>> vulnerabilities' existence, it's time to get a new expert.
>>>
>>> you are missing the point A BIG CUSTOMER has a security-expert
>>
>> No, I'm not missing the point. You're asking for a wholesale change in
>> how a program works so that you can have an easier time with an
>> uneducated customer. Your job, as a consultant or IT support is not make
>> sure that your solution is safe. Making your customer feel comfortable
>> without actually giving them security is a bad idea.
>
> i know about the pros and cons for obscurity
>
> but i also know that from "SSH-2.0-OpenSSH_5.8" only "SSH-2.0"
> is relevant for clients and having backports in mind this must
> be the truth because if the whole version would matter all
> LTS distributions would be broken by design

This doesn't change the fundamental point; you are asking for a
significant change in behaviour to a program that who-knows-how-many
apps use, for no real reason other than to make a client feel better.

--
Digimer
E-Mail: digimer@xxxxxxxxxxx
Freenode handle: digimer
Papers and Projects: http://alteeve.com
Node Assassin: http://nodeassassin.org
"omg my singularity battery is dead again.
stupid hawking radiation." - epitron
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel