Fedora Core 2 Test 2 - delayed

Mike A. Harris mharris at redhat.com
Fri Feb 27 15:49:43 UTC 2004


On Fri, 27 Feb 2004, Leonard den Ottolander wrote:

>> Aside from rejecting SElinux merely due to conspiracy theories
>> alone, what would be your suggestion to ensure that this is not
>> the case?
>
>I am not rejecting anything, just inquiring. And I am not very in to
>conspiracy theories, but the source of this patch is an intelligence
>agency, right?

Right.

>I have no suggestions apart from the code being minutely scrutinized by
>people who know how to do that.

It's been scrutinized fairly heavily from what I understand.  One 
of the beautiful things about open source is that anyone can 
scrutinize the source, so it is much more likely to have any 
security holes found and fixed in it.  That's irrespective of 
wether they would be planted or accidental of course.


>> You did upgrade X to the latest version right?  ;o)
>
>I was the one that somewhat prematurely polled you about it in
>bugzilla. (Sorry for that, it's just some developers are not as
>responsive and fast with releasing security updates as others.

No problem at all.  It's always a good thing when people report 
security vulnerabilities to us, even if we're aware of them 
already, because an external person doesn't necessarily have a 
way to pre-determine wether we're aware of a given issue yet or 
not.  Also, if it is public, and we've not released erratum yet, 
it's to be expected that someone is likely to report the issue to 
us, and that's always welcome too.  ;o)

Take care,
TTYL


-- 
Mike A. Harris     ftp://people.redhat.com/mharris
OS Systems Engineer - XFree86 maintainer - Red Hat





More information about the fedora-devel-list mailing list