On Thu, 24 Apr 14, 11:06:27, Rowan Thorpe wrote:
> On 10:57 Thu 24 Apr 2014, Paul Wise wrote:
> > ..[snip]..
> > https://wiki.debian.org/Hardening/Goals
> 
> Regarding the line (at that page):
> 
> > Refuse to install packages that are known to have X number of unplugged
> > exploits (i.e. X number of open security bugs in the bug tracker) unless
> > e.g. --allow-vulnerable-packages is used. This makes it clear that you are
> > installing software that is vulnerable.
> 
> I suggest it might be better if exploits were each given a quick/approximate
> "ranking" in terms of severity (and if the severity is unknown it could be
> assigned a default median ranking), so that the algorithm you mention wouldn't
> just add number of unplugged exploits, but add them by weight. For example:
> the recent heartbleed exploit would be worth more than a few smaller exploits
> in less critical software, and would be calculated as such...
Bug severities are probably enough for this purpose.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt
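The weighted install gate sketched in the quoted proposal, and Andrei's point that the existing bug severities can serve as the weights, can be shown as a small policy check. This is an added illustration, not code from the thread or from any Debian tool: the severity names are the Debian BTS severities, but the numeric weights, the threshold, the package names and the bug numbers are constructed assumptions for the demo. A single grave bug outweighs a handful of minor ones, an unknown severity falls back to the median weight, and the refusal can be overridden with the proposed --allow-vulnerable-packages switch.

```python
"""Weighted 'refuse to install' gate for packages with open security bugs.

Constructed example: the severity names are the Debian BTS severities,
everything numeric is an assumption chosen for the demonstration.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Debian BTS severities, most to least severe. The weights are an assumption
# for this example; Debian does not define numeric weights for them.
SEVERITY_WEIGHT = {
    "critical": 10.0,
    "grave": 8.0,
    "serious": 6.0,
    "important": 3.0,
    "normal": 1.0,
    "minor": 0.5,
    "wishlist": 0.0,
}

# A bug whose severity is unknown gets the median weight, as the proposal
# suggests (median of the seven weights above is 3.0).
_weights_sorted = sorted(SEVERITY_WEIGHT.values())
DEFAULT_WEIGHT = _weights_sorted[len(_weights_sorted) // 2]

# Assumed threshold: a score at or above this refuses the install.
DEFAULT_THRESHOLD = 6.0


@dataclass(frozen=True)
class SecurityBug:
    number: int                # bug number (constructed values below)
    severity: Optional[str]    # BTS severity, or None when not yet triaged


def bug_weight(bug: SecurityBug) -> float:
    """Weight of one open security bug; unknown or unrecognised -> median."""
    if bug.severity is None:
        return DEFAULT_WEIGHT
    return SEVERITY_WEIGHT.get(bug.severity.lower(), DEFAULT_WEIGHT)


def vulnerability_score(bugs: Iterable[SecurityBug]) -> float:
    """Sum of weights rather than a plain count of open bugs."""
    return sum(bug_weight(b) for b in bugs)


def install_decision(package: str, bugs: Iterable[SecurityBug],
                     threshold: float = DEFAULT_THRESHOLD,
                     allow_vulnerable: bool = False) -> Tuple[bool, str]:
    """Return (allowed, message) for installing `package`.

    allow_vulnerable models the proposed --allow-vulnerable-packages switch:
    the install proceeds, but the user is told explicitly that it is vulnerable.
    """
    score = vulnerability_score(bugs)
    if score < threshold:
        return True, f"{package}: vulnerability score {score} < {threshold}, ok"
    if allow_vulnerable:
        return True, (f"{package}: WARNING score {score} >= {threshold}, "
                      "installing anyway (--allow-vulnerable-packages)")
    return False, (f"{package}: refusing to install, score {score} >= "
                   f"{threshold}; use --allow-vulnerable-packages to override")


# Constructed sample data: one package with a single grave bug, another with
# several minor bugs plus one untriaged bug.
GRAVE_PACKAGE_BUGS = [SecurityBug(900001, "grave")]
MINOR_PACKAGE_BUGS = [
    SecurityBug(900002, "minor"),
    SecurityBug(900003, "minor"),
    SecurityBug(900004, "minor"),
    SecurityBug(900005, None),
]

if __name__ == "__main__":
    for pkg, bugs in (("libfoo", GRAVE_PACKAGE_BUGS), ("bar-tool", MINOR_PACKAGE_BUGS)):
        print(install_decision(pkg, bugs)[1])
    print(install_decision("libfoo", GRAVE_PACKAGE_BUGS, allow_vulnerable=True)[1])
```

With these assumed weights the grave bug alone scores 8.0 and is refused, while three minor bugs plus one untriaged bug score 4.5 and pass; a raw count of open bugs would have ranked them the other way round, which is the point of weighting.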