o**********e Posts: 18403 | 1 [The following text is reposted from the SanFrancisco board]
From: onetiemyshoe (onetiemyshoe), Board: SanFrancisco
Subject: Red Hat's Indians explain why they patched and then patched again
Posted from: BBS 未名空间站 (Sun Sep 28 11:14:05 2014, US Eastern)
http://www.theregister.co.uk/2014/09/28/bash_shellshock_bug_pat
Let me explain: Red Hat, like Cisco, takes open source software and sells it for money, with no testing at all, confused about how to properly address a 22-year-old security hole. Both companies are nests of Indians.

o**********e Posts: 18403 | 2 Here is how the Indians explain it:
When a second issue with Bash was found a few minutes after the first one went public, we knew there was something wrong. We could have followed a duct-tape approach and issued patches to our customers quickly, or we could have done this correctly. Applying multiple security updates is extremely difficult!

When CVE-2014-7169 went public, there was a lot of visible confusion around how to address this issue. This was fuelled by the media and by the fact that exploits were immediately available on the internet.

Red Hat carefully analysed the root cause of the issue and wrote and tested patches. We posted these patches to the community for review, allowing everyone to freely use them if they wanted to. Doing things correctly takes time!