[ale] IBM is buying Redhat!

Mon Oct 29 11:35:36 EDT 2018

On Mon, Oct 29, 2018 at 11:15:38AM -0400, Simba via Ale wrote:
> Irrelevant. Every day that a vulnerable system remains unpatched is a
> day that system could be compromised.

Irrelevant. Every untested change is a change that can lead to (the 
wrong people) dying.

(See what I did there?)

> You can't go on for hours about how DoD demands rigorous standards, then
> tell me that they're incapable of patching in a reasonable timeframe,
> and call that competence.

*shrug*  I can only speak to the DoD work that I was involved with, and 
yes, we had some *very* exacting quality requirements.

Granted, that last project had no networked component, so any "security" 
problem was purely physical in nature, and handled by well-armed 
soldiers.

Another DoD project I worked on had an explicit requirement to handle 
the device being physically compromised.  We had to scrub the hardware 
and software of any identifying marks (including copyright notices in 
all third-party software!) that could help lead back to anyone who 
(in)directly worked on it.  Because pissed-off cartels have been known 
to express their displeasure in spectacularly violent ways.

> I would fire everyone for not reaching that conclusion on their own, and
> I would re-write the rules to prioritize technology security.

Fortunately for the rest of us, you are not in charge.

That said, good luck.

 - Solomon
-- 
Solomon Peachy			       pizza at shaftnet dot org
Coconut Creek, FL                          ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://mail.ale.org/pipermail/ale/attachments/20181029/8e41a549/attachment.sig>