Re: "uselessly listens on localhost" RC

2009-10-29 Thread Francesco P. Lovergine
On Wed, Oct 21, 2009 at 04:55:19PM -0500, Raphael Geissert wrote: > > Reasoning for this is that opening listening sockets with the network > > allows "better" ways to exploit security bugs than in the traditional > > unix filesystem. > > > > Erm, excuse me but that argument sounds rather silly t

Re: "uselessly listens on localhost" RC

2009-10-21 Thread Raphael Geissert
Hi Andreas, Andreas Barth wrote: [...] > Reasoning for this is that opening listening sockets with the network > allows "better" ways to exploit security bugs than in the traditional > unix filesystem. > Erm, excuse me but that argument sounds rather silly to me. Over the years there have been m

Re: "uselessly listens on localhost" RC

2009-10-18 Thread Petter Reinholdtsen
[Andreas Barth] > Comments? The idea seems reasonable, but it might be hard to decide when "equally sufficient" is the case or not. I suspect it is better to make this a release goal as the first step, and then see if it makes sense to make it a release requirement when it is better known how many

Re: "uselessly listens on localhost" RC

2009-10-18 Thread Julien Cristau
On Sun, Oct 18, 2009 at 13:38:24 +0200, Andreas Barth wrote: > Hi, > > after some discussion we had today on IRC, I tend to think we should > put a section within "security" of the release policy that says > something like "Packages must not open listening sockets at localhost > where usage of a

Re: "uselessly listens on localhost" RC

2009-10-18 Thread Andreas Barth
* Luk Claes (l...@debian.org) [091018 14:51]: > Andreas Barth wrote: > > after some discussion we had today on IRC, I tend to think we should > > put a section within "security" of the release policy that says > > something like "Packages must not open listening sockets at localhost > > where usage

Re: "uselessly listens on localhost" RC

2009-10-18 Thread Luk Claes
Andreas Barth wrote: > after some discussion we had today on IRC, I tend to think we should > put a section within "security" of the release policy that says > something like "Packages must not open listening sockets at localhost > where usage of a unix domain socket (in the filesystem) would be >

"uselessly listens on localhost" RC

2009-10-18 Thread Andreas Barth
Hi, after some discussion we had today on IRC, I tend to think we should put a section within "security" of the release policy that says something like "Packages must not open listening sockets at localhost where usage of a unix domain socket (in the filesystem) would be equally sufficient". Reas