On Tue, Mar 05, 2013 at 06:23:25PM -0300, Fernando Cassia wrote:
>
> Yeah, right, like there are no 0day patches periodically for a
> multitude of software, including Apache, PHP, and the like. And what
> are Microsoft's "Patch Tuesday" Windows updates for, after all? Please.

Java is doing everything in its power to rival the insecurity records of sendmail and bind from years ago, or horde's track record or phpBB's. It's just one rolling security vector. It's apparently maintained by people that don't really know what they're doing since it's one issue after another in rapid pace. Oracle's attitude towards patches is abysmal at best and I can't see any relief in sight.

Look at it this way: distros have rolling releases and Java has rolling security vulnerabilities.

> Security is a process. There is no "permanently secure" software. Not
> even OpenBSD with its "memory randomization".

How about permanently insecure?

John
--
Politics is just show business for ugly people.
-- Jay Leno