Full Disclosure mailing list archives
Re: Is Mozilla's "patch" enough?
From: Aviv Raff <avivra () gmail com>
Date: Mon, 12 Jul 2004 21:28:09 +0200
On Mon, 12 Jul 2004 21:02:51 +0200, Florian Weimer <fw () deneb enyo de> wrote:
* Aviv Raff:On Mon, 12 Jul 2004 20:34:44 +0200, Florian Weimer <fw () deneb enyo de> wrote:* Aviv Raff:Security patches shouldn't be overridden unless intended too (i.e uninstalled).This is not standard industry practice. Especially if a patch might break previously working configuration, I completely agree that it's correct.That's why there should be a way to uninstall the patch, as I wrote.This requires that you have individual patches for each vulnerability, something that is often practically impossible (because of combinatoric explosion) and is a support nightmare if it is possible.
That's why from time to time there should be a cumulative patch (aka Service Pack).
Those vendors supplying source code are far better off in this area. You simply pick the parts you like and recompile your own version.
You really think that those people who don't know how to use the configuration files, will know how to recompile their own version? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Is Mozilla's "patch" enough?, (continued)
- Re: Is Mozilla's "patch" enough? William Warren (Jul 12)
- Re: Is Mozilla's "patch" enough? Thomas Kaschwig (Jul 12)
- Re: Is Mozilla's "patch" enough? Barry Fitzgerald (Jul 12)
- Re: Is Mozilla's "patch" enough? William Warren (Jul 12)
- Re: Is Mozilla's "patch" enough? Thomas Kaschwig (Jul 13)
- Re: Is Mozilla's "patch" enough? Aviv Raff (Jul 12)
- Re: Is Mozilla's "patch" enough? Georgi Guninski (Jul 12)
- Re: Is Mozilla's "patch" enough? Aviv Raff (Jul 12)
- Re: Is Mozilla's "patch" enough? Florian Weimer (Jul 12)
- Re: Is Mozilla's "patch" enough? Aviv Raff (Jul 12)
- Re: Is Mozilla's "patch" enough? Florian Weimer (Jul 12)
- Re: Is Mozilla's "patch" enough? Aviv Raff (Jul 12)
- Re: Is Mozilla's "patch" enough? Aviv Raff (Jul 12)
- Re: Is Mozilla's "patch" enough? Thomas Kaschwig (Jul 12)
- Re: Is Mozilla's "patch" enough? Daniel Wang (Jul 13)