Re: Windows Update: A single point of failure for the world's economy?
From: Stefano Zanero (stefano.zanero_at_ieee.org)
To: "BugTraq" <BUGTRAQ@SECURITYFOCUS.COM> Date: Thu, 4 Sep 2003 10:45:10 +0200
> More of a risk than up2date for RedHat or emerge -u system for Gentoo? Or
> cvsup for *BSD?
Yeah. A lot more.
None of these is enabled "by default" or, worse, "mandatorily", which was
the point of my post. Additionally, none of these ADD or REMOVE things from
your system you didn't configure.
In addition, emerge and cvsup work on source code, not on binaries. And I'd
say (albeit I'm ready to receive proofs of the contrary) that the odds of a
binary patch crashing a system are well above those of a source patch and
As a final note, there's always a question of userbase to consider. And of
ecological difference in the species and flavors of *nixes and of their
Please note that I am not against this solution for privacy advocacy or
trust reasons, which were raised in another post to the list. If you run a
closed source operating system, it is quite pointless to worry about the
"patches" and what they might introduce in it at a later time.
However, on this particular point, I'd like to understand if this proposed
auto-patching would be limited to urgent bugfixes, or would include the
"updated features" that sometines shine on the Windows Update site (for
instance, DirectX upgrades and similars, or updates for FireWire electric
Just my 0.02 EUR, which is quite similar to the traditional 0.02$ these