Re: [Gnumed-devel] Re: hherb.com reborn
From: Karsten Hilbert
Subject: Re: [Gnumed-devel] Re: hherb.com reborn
Date: Mon, 29 Nov 2004 23:40:09 +0100
User-agent: Mutt/1.3.22.1i
> > b) Just building a Debian package does not make software secure
> > by default.
It does not *make* it more secure. But it increases its
chances for being *monitored* for issues - especially when in
Stable.
> You'll hopefully excuse any ignorance, I (maybe) misinterpreted from
> a prior email that packaging within Debian would bring with it some
> orderliness that enhances/assists security i.e. that advantages to a
> Debian package include *some* security benefits (even if only
> indirect), maybe that is wrong.
No, I think you are spot on.
One advantage would be that updating a package (possibly to gain
improved security) is a well-polished process with Debian.
> Does this also mean that a medical practice, using real patient data
> to provide real care, should always stick with "stable" --- or
> perhaps --- that if the practice moves up to "testing", they need
> some confidence that security issues for the kernel, and for any
> packages *used by that practice*, will be closely and actively
> watched/managed, by people *other than* the Debian security team?
You are right. There are several dimensions to that: For one
thing this is a business opportunity, e.g. providing "quality
monitored" Debian packages to the medical community.
I would use stable for all machines exposed to outside threats
- or even Debian-based distros tailored for providing secure
outside access.
"Inside" servers/workstations may opt for selectively running
some testing packages for increased functionality.
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346