Machell, Jonathan wrote:
Hello there,
We're currently trialling Gentoo to possibly host some of our web-servers. I've
used Gentoo for over eight years so I'm leading these trials.
I've subscribed to this mailing list but also gentoo-server and
gentoo-security. I'm trying to keep up to speed with all the latest security
news affecting Gentoo, GNU/Linux, Apache and MySQL. Should subscription to
these mailing lists be sufficient for this or is there any other place where I
should be looking to keep on top of security issues? I'm aware that this and
the other two mailing lists are low traffic but I haven't heard a peep since
subscribing on Tuesday. Is that normal? I was hoping to go through the archives
of previous messages at some point. Are these kept somewhere?
I'm late to the party on this, but I also subscribe to the mailing lists
of all public-facing software on our servers. For example, Postfix,
Dovecot, SpamAssassin, Apache, PHP, ClamAV... Many security issues get
reported to those lists before they're officially dubbed security issues.
"Public-facing" is of course a meaningless term. Do you include
iptables? How about glibc? GCC itself? You'll have to use your judgment
and/or eliminate the lists that are boring to listen to. If you flood
your inbox with noise, you'll stop paying attention and lose the
benefits altogether.
