[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Is Mozilla's "patch" enough?

To: Florian Weimer <fw@xxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Is Mozilla's "patch" enough?
From: Aviv Raff <avivra@xxxxxxxxx>
Date: Mon, 12 Jul 2004 20:58:57 +0200

On Mon, 12 Jul 2004 20:34:44 +0200, Florian Weimer <fw@xxxxxxxxxxxxx> wrote:
> * Aviv Raff:
> 
> > Security patches shouldn't be overridden unless intended too (i.e
> > uninstalled).
> 
> This is not standard industry practice.  Especially if a patch might
> break previously working configuration, I completely agree that it's
> correct.

That's why there should be a way to uninstall the patch, as I wrote.

> For most people, having a working system is more important than having
> a secure system.

I agree.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Is Mozilla's "patch" enough?
  - From: Florian Weimer

References:
- [Full-Disclosure] Is Mozilla's "patch" enough?
  - From: Aviv Raff
- Re: [Full-Disclosure] Is Mozilla's "patch" enough?
  - From: Thomas Kaschwig
- Re: [Full-Disclosure] Is Mozilla's "patch" enough?
  - From: Aviv Raff
- Re: [Full-Disclosure] Is Mozilla's "patch" enough?
  - From: Georgi Guninski
- Re: [Full-Disclosure] Is Mozilla's "patch" enough?
  - From: Aviv Raff
- Re: [Full-Disclosure] Is Mozilla's "patch" enough?
  - From: Florian Weimer

Prev by Date: AW: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Next by Date: [Full-Disclosure] Brand New Hole: Internet Explorer: HijackClick 3
Previous by thread: Re: [Full-Disclosure] Is Mozilla's "patch" enough?
Next by thread: Re: [Full-Disclosure] Is Mozilla's "patch" enough?
Index(es):
- Date
- Thread