trinity-users@lists.pearsoncomputing.net

Month: April 2019

Re: [trinity-users] Re: upgrade trinity

From: "Michael Howard via trinity-users" <trinity-users@...>
Date: Fri, 12 Apr 2019 11:44:55 +0100

On 12/04/2019 09:03, deloptes wrote:
> Thierry de Coulon wrote:
>
>> Anyway I think this "upgrade/update" craze is mostly the result from
>> Microsoft, Apple and Google having to frequently patch their buggy OSes
>> and using this to force users to adopt their latest control options. Now
>> it's become a fashion.
>>
>> I have here a few installs with fairly old Linux versions and never got a
>> problem - I agree I'm certainly not a prime target for hackers...
> I disagree here, because if you look at what was recently upgraded in
> Stretch, these are openssh and similar, which are critical and I would not
> advise anyone with access to the internet to not upgrade frequently.

.. and I disagree with you. On the basis of your argument, we should not 
use the internet full stop as any software we use must be suspect as it 
will be continually upgraded. I'm not saying don't upgrade but to 
blindly upgrade is as bad as blindly not upgrading. Why should I believe 
ANY upgrade is more secure than the last? Upgrades are screwed up on a 
regular basis both by introducing security flaws and bugs and also 
removing/changing features that one needs. Do we read all the changelogs 
before doing apt upgrade? No, but we should if we want reliability.

> This is also not "Microsoft, Apple and Google" madness, but a normal
> software cycle. If you want to have latest bug and security fixes, do
> upgrade regularly.

Read above.

>
> Now for TDE, it is so stable, that you may have the impression you do not
> need it, but still the system should be up to date, to not allow undesired
> intrusions.

Upgrade for improvements, no problem, but read above.

>
> If you are target or not - you do not know. I see in the last couple of
> months constant brute force attacks on my ssh server

and upgrading will stop that? No. A bit of filtering of known spam IPs 
would help much more.

Security for security's sake is a nightmare. If somebody can utilise a 
security flaw in my TDE desktop, I've already got big, big problems.

-- 
Mike Howard