Debian attacker may have used new exploit

John Macdonald jmm-TU2q2He6PgRlD5gtYiU6kEEOCMrvLtNR at public.gmane.org
Thu Dec 4 04:07:31 UTC 2003 

On Wed, Dec 03, 2003 at 05:11:38PM -0500, JoeHill wrote:
> I nowhere engaged in such a practice, I argued against *any* limits being placed
> on the free exchange of information, for reasons I have already stated, and
> have provided references for. Not once did I claim or assume that the "other
> side" of the argument was no disclosure at all. As Robert suggested would
> happen, this *is* getting repetitive, and now you are accusing me of something
> you seem to be doing yourself.
> 
> So, to end the thread, placing limits on the free exchange of any information,
> whether it is for some limited time or perceived good, is the kind of slippery
> slope that leads to a regime **Hitler** would have loved ;-)

You have argued against *any* limit.  Until the
"slippery slope" statment above, I have not seen any
*justification* for such an argument that actually
applied to delayed disclosure (a temporary limit
for a deliberate purpose) rather than *only* to
non-disclosure.

A slippery slope argument is not particularly
compelling unless you go on to show that there is
difficulty in choosing any point in between the
extremes and sticking to that point.  As long as
people *do* always come to the point where they
disclose the problem, there is no slippery slope.
Different people may have different amounts of
leniency, but the end result is the same except for
the exact timing.

If you have any argument that justifies immediate
disclosure over delayed disclosure, please state it.
What penalty is there for making it possible to have
a fix for a problem available before the general
publication of the problem, as long as the publication
will happen in a relatively short time frame?
What benefit comes from not providing a window of
time for fixing the problem before disclosure?

But skip "non-disclosure is bad" arguments - they do
not say anything against delayed disclosure.  And skip
"nobody has proved it is necessary" arguments -
they at most say that immediate disclosure might not
cause damage, but they do not state any advantage
for immediate disclosure.
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list