Workaround for the GSM privilege escalation vulnerability

2024-04-12 Thread Stephan Verbücheln
Hello everyone
At the moment, there are reports about unfixed privilege escalation vulnerabilities in the GSM kernel module (n_gsm) in the tech news. This kernel module is shipped with Debian by default. Two security researchers both claim credit for their discovery[1][2]. Neither researcher do no

Re: Reaction to potential PGP schism

2023-12-21 Thread Stephan Verbücheln
Interesting point in this talk: The APT team is already working on non-PGP signatures. https://wiki.debian.org/Teams/Apt/Spec/AptSign I can see the advantages of that for release signatures which use a rarely changing set of keys. However, I do not see any good alternative for PGP for personal s

Reaction to potential PGP schism

2023-12-14 Thread Stephan Verbücheln
Hello everyone
As you probably know, Debian relies heavily on GnuPG for various purposes, including:
- developer communication
- signing of tarballs and patches
- automated processes such as update validation by APT
The OpenPGP Working Group at IETF is currently working on a new standard. https:

Re: Concerns about Security of packages in Debian OS and the Operating system itself.

2022-04-18 Thread Stephan Verbücheln
> I did the analysis (took 3 weeks)
Do you have a publication of that analysis? I was thinking the same about the organization of Debian for some time but never did analysis or compared it to other distros. Also, I would like to add that reproducible builds are an excellent addition to the mechanisms yo