Re: Windows Update: A single point of failure for the world's economy?

From: Stefano Zanero (stefano.zanero_at_ieee.org)
Date: 09/04/03

  • Next message: Peter J. Holzer: "Re: RIP: ActiveX controls in Internet Explorer?"
    To: "BugTraq" <BUGTRAQ@SECURITYFOCUS.COM>
    Date: Thu, 4 Sep 2003 10:45:10 +0200
    
    

    > More of a risk than up2date for RedHat or emerge -u system for Gentoo? Or
    > cvsup for *BSD?

    Yeah. A lot more.

    None of these is enabled "by default" or, worse, "mandatorily", which was
    the point of my post. Additionally, none of these ADD or REMOVE things from
    your system you didn't configure.

    In addition, emerge and cvsup work on source code, not on binaries. And I'd
    say (albeit I'm ready to receive proofs of the contrary) that the odds of a
    binary patch crashing a system are well above those of a source patch and
    recompilation.

    As a final note, there's always a question of userbase to consider. And of
    ecological difference in the species and flavors of *nixes and of their
    update systems.

    Please note that I am not against this solution for privacy advocacy or
    trust reasons, which were raised in another post to the list. If you run a
    closed source operating system, it is quite pointless to worry about the
    "patches" and what they might introduce in it at a later time.

    However, on this particular point, I'd like to understand if this proposed
    auto-patching would be limited to urgent bugfixes, or would include the
    "updated features" that sometines shine on the Windows Update site (for
    instance, DirectX upgrades and similars, or updates for FireWire electric
    ovens).

    Just my 0.02 EUR, which is quite similar to the traditional 0.02$ these
    days.

    Stefano Zanero


  • Next message: Peter J. Holzer: "Re: RIP: ActiveX controls in Internet Explorer?"

    Relevant Pages

    • Re: build ports without X -- make.conf
      ... >> In BSD 4.x, there was a section in the make.conf manpage that said you ... >> ghostscript, cvsup, etc, which have distinctly different ports) ...
      (freebsd-questions)
    • RE: 6.1-PRERELEASE CVSUP tag=???
      ... Subject: 6.1-PRERELEASE CVSUP tag=??? ... Daniel Bye wrote: ... Oh yeah, so it was. ... Hmm, are you sure? ...
      (freebsd-questions)
    • Re: cant compile GENERIC kernel from today source
      ... > make buildkernel I get this: ... Yeah, my bad :-( ... It's been fixed - cvsup again and all should be well. ... To unsubscribe, ...
      (freebsd-current)
    • Re: CVSUP date for a successful x11-toolkits/fox-devel
      ... ahh, yeah, that's the cvsup date: ... weird., I had a custom kernel I compiled, I wonder why it's using GENERIC.... ... *shrug* oh well, I'll think about that at some other time, I want to ...
      (freebsd-questions)
    • Re: cvsup through an http proxy
      ... > I'm stuck behind a very pedantic authenticating http proxy at my ... > university and would like to cvsup my bsd box since it has been while ... > I haven't found any configuration options for http proxies for cvsup so ...
      (comp.unix.bsd.freebsd.misc)