[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] What does incremental deployment mean



On Fri, 28 Mar 2008, Marshall Eubanks wrote:
By the way, Wikipedia says about Windows 2000

"More than eight years after its release, it continues to receive patches for security vulnerabilities on a near-monthly basis."

So, there may be hope there after all. Still, my experience is that people who are running old versions of code are
likely to also not be regularly updating them.

Isn't this whole discussion irrelevant?

Even if all Windows 2000 or XP users were applying security patches (which they aren't), making a fundamental change as this cannot be deployed as a security fix. By definition it is going to break a lot of applications or at least change their communication patterns in such a way that in the deployed base of O(million) various kinds of bizarre apps and O(100 million) hosts the result would be a chaos.

There is no way any vendor could unilaterally deploy significant host changes in a channel meant only for critical software updates for a product well beyond its end-of-life cycle.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg