[CentOS] New java update?

Tue Mar 5 21:57:32 UTC 2013
John R. Dennison <jrd at gerdesas.com>

On Tue, Mar 05, 2013 at 06:23:25PM -0300, Fernando Cassia wrote:
> 
> Yeah, right, like there are no 0day patches periodically for a
> multitude of software, including Apache, PHP, and the like. And what
> are Microsoft's "Patch Tuesday" Windows updates for, after all?

Please.

Java is doing everything in its power to rival the insecurity records
of sendmail and bind from years ago, or horde's track record or phpBB's.
It's just one rolling security vector.  It's apparently maintained by
people that don't really know what they're doing since it's one issue
after another in rapid pace.  Oracle's attitude towards patches is
abysmal at best and I can't see any relief in sight.  Look at it this
way: distros have rolling releases and Java has rolling security
vulnerabilities.

> Security is a process. There is no "permanently secure" software. Not
> even OpenBSD with its "memory randomization".

How about permanently insecure?




							John
-- 
Politics is just show business for ugly people.

-- Jay Leno