I know people around here like to think Windows is insecure, but here's what I found while browsing Launchpad:
96 open CVE bugs in Ubuntu Dapper
Some of the vulnerabilities have been reported in 2007. I mean, is this a joke? For an 'enterprise-ready', LTS release this is unacceptable. You'd have to be out of your mind to install this in a production environment, but what about people who already installed it years ago, hoping Canonical would provide support and security patches?
Look at this VLC media player CVE report. It's been reported in the middle of 2007. Not only it's not fixed in the middle of 2009, it's been closed as "Won't Fix" for other, EOL'd Ubuntu releases. Now it's as if they want Dapper to die so that they can close the bug with the same "Won't Fix".
Dapper's Squirrelmail is also in a very, very bad situation. Ruby. PHPMyAdmin. Wordpress. Python. Lighttpd. Java. OpenSSL. Jesus Christ, this is insane!
I honestly hope they just remove Dapper from all Ubuntu mirrors, the thing is riddled with gaping security holes it's obvious they won't lift a finger to fix. So better remove it and tell everyone who installed it to replace it with some newer Ubuntu version, or even another OS.
Canonical, please stop official support for Dapper now! It's not as if you're offering any, anyway, but at least you make people aware of the huge risks they're taking everyday they continue to use Dapper on their servers and workstations.
Bookmarks