Hi 1 Acording to PIE randomization and to the fact that in FC1/FC2 especialy upcoming FC3 have all network daemons builded with PIE and acording to fact that in FC3 we now have ready made targeted+enforced policy for daemons, what posibility is still left if supose i dont use any updates for years for daemons to remote exploit it ? I am not an intrinsyc glibc/kernel system knowledger, readed about PIE but still need an strong advice that PIE+selinux can bring an unexploitable system without requiring updates or track security list for posible vulnerabilities in time. Can comment someone on this ? I would like to hear something positive experience from admins on this list with these facilities, especialy how calm can i sleep in the night dont bothering about updates and other sec. isues. Are realy these facilities something like OpenBSD slogan: "Only one remote hole in 7 years" Thanks in advance. ~cristian
