On 12/04/2019 09:03, deloptes wrote:
> Thierry de Coulon wrote:
>
>> Anyway I think this "upgrade/update" craze is mostly the result from
>> Microsoft, Apple and Google having to frequently patch their buggy OSes
>> and using this to force users to adopt their latest control options. Now
>> it's become a fashion.
>>
>> I have here a few installs with fairly old Linux versions and never got a
>> problem - I agree I'm certainly not a prime target for hackers...
> I disagree here, because if you look at what was recently upgraded in
> Stretch, these are openssh and similar, which are critical and I would not
> advise anyone with access to the internet to not upgrade frequently.

.. and I disagree with you. On the basis of your argument, we should not use the internet full stop as any software we use must be suspect as it will be continually upgraded. I'm not saying don't upgrade but to blindly upgrade is as bad as blindly not upgrading. Why should I believe ANY upgrade is more secure than the last? Upgrades are screwed up on a regular basis both by introducing security flaws and bugs and also removing/changing features that one needs. Do we read all the changelogs before doing apt upgrade? No, but we should if we want reliability.

> This is also not "Microsoft, Apple and Google" madness, but a normal
> software cycle. If you want to have latest bug and security fixes, do
> upgrade regularly.

Read above.

> Now for TDE, it is so stable, that you may have the impression you do not
> need it, but still the system should be up to date, to not allow undesired
> intrusions.

Upgrade for improvements, no problem, but read above.

> If you are target or not - you do not know. I see in the last couple of
> months constant brute force attacks on my ssh server

and upgrading will stop that? No. A bit of filtering of known spam IPs would help much more. Security for security's sake is a nightmare.

If somebody can utilise a security flaw in my TDE desktop, I've already got big, big problems.

--
Mike Howard