On Thu, May 15, 2003 at 08:09:48AM +0200, Sven Luther wrote: > On Thu, May 15, 2003 at 01:13:19PM +1000, Anthony Towns wrote: > > On Wed, May 14, 2003 at 07:12:15PM -0400, Joey Hess wrote: > > > Take the harden package, or create something similar: a package that > > > conflicts with all versions of packages with known security holes. > > Why not just /fix/ the holes? Is uploading a package with a well known > > patch _really_ that hard? > The fact is, we don't have a security architecture, or even autobuilders > for testing,
Uh, actually, we have both these things. We've had them for almost a year now, although they haven't been used. Cheers, aj -- Anthony Towns <[EMAIL PROTECTED]> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. ``Dear Anthony Towns: [...] Congratulations -- you are now certified as a Red Hat Certified Engineer!''
pgpiCQsHLXZ2A.pgp
Description: PGP signature
