Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 06:28:44PM +0200, Javier Fernández-Sanguino Peña wrote: > On Mon, Sep 02, 2002 at 05:13:51PM +0200, Ola Lundqvist wrote: > > > > Now we just have to solve the upload-to-security problem, or simply > > write some other check that scans the security.d.o web pages and > > make

Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 05:13:51PM +0200, Ola Lundqvist wrote: > > Now we just have to solve the upload-to-security problem, or simply > write some other check that scans the security.d.o web pages and > make clever things of it. Maybe using tiger, maybe some other things. But > because tiger can

Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 05:01:14PM +0200, Javier Fernández-Sanguino Peña wrote: > On Mon, Sep 02, 2002 at 04:09:21PM +0200, Ola Lundqvist wrote: > > Hi > > > > > If you want a program to check for security flaws please use one designed > > > for that > > > precisely. Tiger is such a program. Just

Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 04:09:21PM +0200, Ola Lundqvist wrote: > Hi > > > If you want a program to check for security flaws please use one designed > > for that > > precisely. Tiger is such a program. Just have the *flaws package recommend: > > or > > depend: on tiger. > > On the other hand tig

Re: The harden-*flaws packages.

Hi On Mon, Sep 02, 2002 at 03:09:28PM +0200, Javier Fernández-Sanguino Peña wrote: > On Mon, Sep 02, 2002 at 08:47:53AM +0200, Ola Lundqvist wrote: > > > > Yes. Luckily I just saw someone that have written a script that checks > > the DSA:s and tell the maintainer that he/she has a vulnerable pac

Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 08:47:53AM +0200, Ola Lundqvist wrote: > > Yes. Luckily I just saw someone that have written a script that checks > the DSA:s and tell the maintainer that he/she has a vulnerable package. > That is a good solution (best?). The problem is that the DSA is > not able to disti

Re: The harden-*flaws packages.

Daniel Martin <[EMAIL PROTECTED]> writes: > Martin Schulze <[EMAIL PROTECTED]> writes: > > Hrm. The more I think about this the more I wonder if maybe the > harden-*flaws packages make much sense in stable at all. If someone > is apt-get'ing from security.debia

Re: The harden-*flaws packages.

n-* packages) > > Agreed, _random_ updates would be a bad thing. However, what the > maintainer is proposing here is updates that are driven by DSAs. > Although I find it a slight stretch, one could easily argue that the > updates to the harden-*flaws packages are security updates

Re: The harden-*flaws packages.

slight stretch, one could easily argue that the updates to the harden-*flaws packages are security updates. These updates share another feature with security updates. Imagine the package netostrich, which helps you bury your head in the sand remotely. Now, suppose the upstream authors discover

Re: The harden-*flaws packages.

Please see the thread summarized in : Policy for Woody Point-Releases. [4]Several [5]developers [6]would [7]like to add new packages and updates to their packages to the recently released stable distribution of Debian. Adding new packages and random upd

Re: The harden-*flaws packages.

Hi On Thu, Aug 29, 2002 at 01:39:35PM +0100, Colin Watson wrote: > On Thu, Aug 29, 2002 at 02:35:13PM +0200, Ola Lundqvist wrote: > > I'm the maintainer of the harden-*flaws packages. The idea is to > > have conflicts with packages that are known to have security holes. &

Re: The harden-*flaws packages.

On Thu, Aug 29, 2002 at 02:35:13PM +0200, Ola Lundqvist wrote: > I'm the maintainer of the harden-*flaws packages. The idea is to > have conflicts with packages that are known to have security holes. > This is not a big problem for unstable (and mostly for testing) > but now

The harden-*flaws packages.

Hi I'm the maintainer of the harden-*flaws packages. The idea is to have conflicts with packages that are known to have security holes. This is not a big problem for unstable (and mostly for testing) but now woody have become stable. So I now ask you what you think. Should I upload up