[Klug-general] SSL bug

J D Freeman klug at quixotic.org.uk
Thu May 22 13:20:43 BST 2008



On Thu, May 22, 2008 at 08:06:23AM -0400, Karl Lattimer wrote:
> So hold on a second;
> 
> A security flaw which makes the world's largest repositories of software
> source code vulnerable to attack, and therefore to injection of smaller
> malicious code, isn't a big issue?
> A security flaw which puts at risk every single credit card transaction
> made online, ongoing from servers hosted on Debian, isn't a big issue?
> A security flaw which has jeopardised the cryptographic security of every
> service that relies on it, isn't a major issue?
> 
> SourceForge, GNOME, and every major vendor have had to stop development
> (and releases) as a result of this problem.
> 
> This is the biggest flaw in history; it has perpetuated onto millions of
> systems, and it isn't so easy to clean up.

Can you cite a reliable source for this statement, or is this yet another
claim from the guy who claimed that Apple invented email?

The best I can find is Schneier saying "This is a big deal". He doesn't
seem to claim it is the biggest flaw in history.

You are making it out that this is the first, last, and only time a bug
like this will ever occur. I think it is fair to say this is not the
case. There are a greater number of, IMHO, more dangerous bugs in
machines running other distros and OSes than this bug in Debian.

> My point is, people from Fortune 500s will want heads to roll for this.

Fantastic, they can roll some heads. What good will it get them? You
can't undo the past simply by having a blamestorming session.

> The fact of the matter is Debian will never be used by any businesses that
> depend on security again. It will be removed from all major companies, and,
> as the Dilbert comic says, "Debian, you can never be sure" is now the
> strap line people will use to describe it. The brand is damaged beyond
> repair.

And? If the stuff said companies do is that important, they should be doing
it on a z series. It's horses for courses.

> Of course not, now that you're wrong you don't want to argue... Funny that,
> isn't it?

I am more than happy to engage you in an intellectual discussion upon
pretty much any subject. I do not however see any reason to stoop to
name calling and insults.

> Sorry, but that's not what I'm hearing. People won't touch it with a barge
> pole; "Not getting my hands on that train wreck" has been mentioned a few
> times.

And guess what, people don't touch lots of things with barge poles. Just
like I won't touch Red Hat or Windows. You win some, you lose some. This
is not the end of the world.

> Investment in FAIL.

No, investment in the future. People make mistakes. Accept it, you make
enough of them yourself.

> LOL, can't take the heat?

What heat? So far you are making unsubstantiated claims and being
insulting. I hardly call that heat.

J