Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Lawrence D'Oliveiro <ldo@nz.invalid>
Newsgroups: comp.os.vms
Subject: Re: Is GNV a VSI or external project ?
Date: Mon, 23 Dec 2024 22:53:24 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <vkcpl4$1dp54$5@dont-email.me>
References: <vkbnjb$17bn3$1@dont-email.me> <vkc970$1all3$1@dont-email.me>
	<vkcgoo$1c2bu$3@dont-email.me> <vkcj3p$1ceje$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 23 Dec 2024 23:53:25 +0100 (CET)
Injection-Info: dont-email.me; posting-host="87876a170c37f77beaf097aca304cfa7";
	logging-data="1500324"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/1rSxC8FKsZjJafSR2aPMd"
User-Agent: Pan/0.161 (Chasiv Yar; )
Cancel-Lock: sha1:HGDUPiSWkSSUjWGa789IdqhBwr0=
Bytes: 1435

On Mon, 23 Dec 2024 16:01:45 -0500, Arne Vajhøj wrote:

> Note though that unless you have some advanced security mechanisms in
> place, then it may actually not be a bad policy. There has been a lot of
> malware attacks in recent years via reputable software repositories.

But the policy was to only get that software from “reputable” sources. So 
yes, since it doesn’t help much against such attacks, it is a bad policy.