On Mon, 24 Jan 2005 10:02:52 -0500, Jeff Spaleta wrote:
And I might add.. that while users and admins.. might want to
install
many other apps from anywhere on the net that the find them... this is
not necessarily advisable behavior. You continue to cater to this
sort of thing and you will end up with people install very old
libraries that are no longer being maintained so that they can install
very old applications that are no longer being maintained and could
have unresolved but well understood security problems. I'm really not
sure its in anyones best interest to make it really drop-dead easy to
install unmaintained software that might be expoitable simply because
the package was created in 2000.
Wow - 2000 is only 5 years ago guys. There are *lots* of people still
running programs designed for Windows 95, which is now 10 years old!
Face it: people will run the software they want. If you make it difficult
or annoying for them out of a misguided sense that
security-through-obnoxiousness is OK, they'll just use Windows which
doesn't do much for security at all but at least makes it easy for the
user to achieve their goal.
The best solution is for libraries to not break backwards compatibility
every other week, that way security fixes are magically present even for 5
year old apps.
Seriously, 5 years is really nothing, it's all about mindset.
thanks -mike