Re: [ProgSoc] pine
At 1:47pm on the 17th of April, John Elliot wrote:
> you want to run a security argument, it is a much more secure method of raising
> concerns since it was private (although i realise it was probably mostly a
> prank / free software rant). we now have a public notification
> (http://www.progsoc.uts.edu.au/lists/progsoc/current/msg00834.html) of a
> security hole in software run on our network, thx nick. - if you had real
> concerns you would have helped fix the problem _first_ then had ur whinge after.
That, apart from being the most supremely daft argument I've ever heard
(advocating security through obscurity puts you in the same camp,
security-wise, as Microsoft Corp.) highlights another point - I don't
believe that the current version of Pine is so much of a security risk that
I would not post to a public mailing list about it. Presumably nobody else
here believes that either, because Pine has not been removed from ftoomsh.
Actually, I pretty much agree with you that the "security /
maintainability" argument is a strawman. I'm mostly in agreement with
you when you write, "it was probably mostly a prank / free software rant".
Hence my calling the maturity of the admin into question. If an urgent
security vulnerability had been discovered, the correct thing to do from a
system administration perspective would be to remove the program, kill all
instances of it, put a message in the motd and wall(1) the current users.
Not write a dinky little shell script.
That said, I think it's important that Pine be upgraded and properly
configured, and I am willing to do the work and accept the responsibility.
- Nicholas FitzRoy-Dale
Q: Can I have a conversation with you?
A: Have two, they're small!