[Lug-nuts] Re: [gary@garymcglinn.com: Re: Re: Snort]

Quoting Brian E. Lavender (brian(a)brie.com): The only way running Internet-exposed Fedora 13, even for a minimal host that's just barely enough of an OS build to support a hypervisor, in 2022, would involve the local sysadmin _completely_ having assumed and diligently carried out, without fail, all security maintenance _manually_ for all eleven years, since 2011-06-24, when Security Team coverage of F13 ceased permanently. That would mean diligently reading all CVEs for all local components exposed to public traffic -- including the Linux kernel (especially its network stack), all public-facing services, and all of their libs and support utilities -- doing, as appropriate, paring of code/functionality, upgrading, mitigating, applying needed source patches, etc. That could be done, by a sufficiently determined and well-prepared sysadmin who wishes to hand-maintain a very minimal system for locally-compelling reasons. Gary, _did_ you do all that? If you didn't, Gary, that's likely a key part of your problem. And dismissing the problem of need to plug proven security holes with "the upgrade treadmill is that it is a waste of time" is a reminder that denial isn't a river in Egypt.