I agree entirely with Alun.
Cheers,
Roger
On Wed, Dec 14, 2016 at 1:21 PM, Alun <auj@???> wrote:
> Andy Smith <andy@???> said, in message
> 20161214124152.GU21587@???:
>>
>> …perhaps I could have a bit of feedback from you as to whether we
>> did the right thing in enforcing a reboot here.
>>
>> Discussion around the bug (unfortunately on a private list for
>> discussion of the security bugs while they're under embargo, so I
>> can't show you) indicated that it *probably* wasn't very dangerous.
>
> Short (advertised) outages on my VM aren't that much of a problem, so I'm
> pretty relaxed about the reboots.
>
> IMHO...
>
> The thing about security holes like this is that creative hackers have a
> tendency to leverage them into much bigger things later. Reacting to the bug
> while it's under embargo, even if it seems obscure, is probably the best
> thing to do, rather than leaving it until someone finds a way of using
> it to do something much scarier. At which point the 2 weeks' notice
> might turn into 0 days.
>
> Cheers,
> Alun.
>
> --
> Dr. Alun Jones, auj@???, 01970 622637
> Mathemateg, Ffiseg a Chyfrifiadureg, Prifysgol Aberystwyth
> Mathematics, Physics & Computer Science, Aberystwyth University
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
>
