[rescue] This Just In: HP to buy Compaq

G W Adkins rescue at sunhelp.org
Thu Sep 6 11:55:20 CDT 2001


> > Actually machines that patch themselves are a potential security
nightmare
> >
> > Not to mention that not all patches are a good thing, SP6 anyone?
>
> The packages from Debian are md5 hashed and PGP signed...so if even a
> single bit changes, the package becomes invalid.
>
> And you face the "upgefucked patch" syndrome anytime you patch a
> box...whether you do it by hand or by cron.
>
So a potential Miscreant couldn't hash and sign the patch on their own?
(yes, this would be more work, probably as much as writing a virus that
e-mails itself by VBA...)

And anyway, this doesn't address the fact that some patches are STILL cruft,
and are better off left uninstalled rather than having to back them out or
repatch them later when they are found to be horribly borken...

George




More information about the rescue mailing list