What I would love to see is to
> > > actually have a substate which makes the situation clear, and still
> > > being technically correct. I was envisioning something which would be
> > > a substate like we have for the substate of no-dsa (ignored,
> > > postpon
> > being technically correct. I was envisioning something which would be
> > a substate like we have for the substate of no-dsa (ignored,
> > postponed).
>
> This sounds like the solution proposal A2, quoting it:
> > ## A2) Add a new mutually exclusive state to the set:
>
ng something which would be
> a substate like we have for the substate of no-dsa (ignored,
> postponed).
This sounds like the solution proposal A2, quoting it:
> ## A2) Add a new mutually exclusive state to the set:
"not-affected-build-artifacts"
Would this be aligned to what you
Hi Samuel,
On Tue, Oct 29, 2024 at 07:06:23PM +, Samuel Henrique wrote:
> Hello everyone,
>
> On Wed, 4 Sept 2024 at 12:47, Emilio Pozuelo Monfort wrote:
> > One issue I see with using not-affected for this is that not-affected
> > effectively marks all older versions as that. However, in th
Hello everyone,
On Wed, 4 Sept 2024 at 12:47, Emilio Pozuelo Monfort wrote:
> One issue I see with using not-affected for this is that not-affected
> effectively marks all older versions as that. However, in this case, a source
> could be affected (e.g. in bookworm) and then in sid we've stopped
On 31/08/2024 20:07, Samuel Henrique wrote:
Hello everyone,
I've written another revision of my proposal, this is version 3 of it, the
previous ones are on this email thread on debian-security@lists.debian.org.
I did get some feedback from the Security Team privately, it wasn'
Hello everyone,
I've written another revision of my proposal, this is version 3 of it, the
previous ones are on this email thread on debian-security@lists.debian.org.
I did get some feedback from the Security Team privately, it wasn't
anything confidential, it's just that some
Hello everyone,
Just wondering if the Security team could spend some time evaluating my
proposal.
Feedback from others is always welcomed too, but in order to go ahead I would
like to understand where the team stands.
Cheers,
--
Samuel Henrique
Hello everyone,
I've done some small updates to the proposal, mostly improving readability and
making my suggestion more clear.
v2 below:
I would like to propose something which will lower the amount
of reported false-positive CVEs to our users by about 20%.
# tl;dr
We don't have a
* [Wed, Apr 03, 2024 at 11:11:20PM +0100] Samuel Henrique:
On the proposed solution I also mention that we can use the "(free text
comment)" section to indicate that, while sticking to "not-affected", this
would simplify things as no new value is needed. But parsing the cases where
only the sourc
On Wed, 3 Apr 2024 at 17:04, Gian Piero Carrubba wrote:
>
> * [Wed, Apr 03, 2024 at 09:21:41AM +0100] Samuel Henrique:
> ># Alternative solutions:
> >If we really want to distinguish the case when we don't produce any affected
> >packages but the source contains the vulnerability (a build with dif
* [Wed, Apr 03, 2024 at 09:21:41AM +0100] Samuel Henrique:
# Alternative solutions:
If we really want to distinguish the case when we don't produce any affected
packages but the source contains the vulnerability (a build with different
flags might result in an affected package), we can create a n
-- Forwarded message --
From: Samuel Henrique <samuel...@debian.org>
Date: On Wed, Apr 3, 2024 at 3:21 AM
Subject: Fw: security-tracker: A proposal to significantly reduce reported
false-positives (no affected-code shipped)
To: <debian-security@lists.debian.org>
Hello everyone, I would like to propose something which will lower the amount
of reported false-positive CVEs to our users.
# tl;dr
We don't have a unique way of stating a CVE does not affect us when we don't
build the affected package's feature or hardening blocks exploits, this leads
to our user
I just noticed that in hashtab sha256 is not enabled by default, so I would
further add the following sentence to the windows/mac instructions:
"SHA256 is not enabled by default in HashTab, so you will have to
click *options* and enable it."
Török Edwin wrote:
What if you already have an older
On 01/26/2011 02:04 AM, Naja Melan wrote:
*3. Could a malicious attacker that feeds me an altered iso image not
also feed me an altered SHA256SUMS file? Yes, they could! Http is very
easy to intercept. This is where SHA256SUMS.sign comes in. This file
is the pgp signature of the ***SHA256SUMS f
*Hi,*
*after this <http://lists.debian.org/debian-security/2011/01/msg2.html> and
this
discussion <http://lists.debian.org/debian-security/2011/01/msg00073.html> I
decided to write a proposal for an improvement of
http://debian.org/CD/faq/#verify
*
*The main issues with the
On 7/11/07, Alec Berryman <[EMAIL PROTECTED]> wrote:
I can't speak for the security team, but the testing security team could
always use more people doing what you apparently already do - determine
which new CVEs affect Debian and find ways to get those issues fixed.
Actually I'm not currently
Alexander Konovalenko on 2007-07-11 16:59:00 +0400:
> When I maintain a secure machine, I naturally want to keep it secure
> against known attacks. I subscribe to Bugtraq and a CVE-compatible
> vulnerability database and watch them closely for anything that could
> affect my machine. When an advis
Hi,
Alexander Konovalenko wrote:
> I couldn't find any existing solutions to the problem described
> above. The testing security team does publish some of the
> information in their Secure-testing-commits, but it lacks more
> verbose explanations and is more of a tool for team members than a
> sou
Alexander Konovalenko wrote:
> On 7/11/07, Martin Schulze <[EMAIL PROTECTED]> wrote:
>>
>> Do you know about
>>
>> http://www.debian.org/security/nonvulns-etch
>
> Oh, that's great. I should have read the website more carefully! Thanks.
>
> What about providing a more elaborate summary for some iss
On 7/11/07, Martin Schulze <[EMAIL PROTECTED]> wrote:
Do you know about
http://www.debian.org/security/nonvulns-etch
Oh, that's great. I should have read the website more carefully! Thanks.
What about providing a more elaborate summary for some issues? Some
entries merely say that the bug is
Alexander Konovalenko wrote:
> Proposed solution
Do you know about
http://www.debian.org/security/nonvulns-etch
Regards,
Joey
http://www.debian.org/security/nonvulns-sarge
--
It's time to close the windows.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscrib
I would like to propose that Debian security teams publish a short
report each time they review a vulnerability in a program that's
included in Debian and find that the vulnerability does *not* affect
Debian.
Problem description
When I maintain a secure machine, I naturally want to keep it secur
On Sun, Jun 26, 2005 at 05:22:27PM +0200, Filippo Giunchedi wrote:
> [sorry for crossposting, but this is relevant to both ML, please cc]
>
> Hi,
> while searching bugtraq for not-yet-fixed security bugs, I found out that
> there
> is no reliable way (apart from testing yourself) if a package has
[sorry for crossposting, but this is relevant to both ML, please cc]
Hi,
while searching bugtraq for not-yet-fixed security bugs, I found out that there
is no reliable way (apart from testing yourself) if a package has been patched
for a specific security advisory.
It would be fine to include as b
On Sun, Jul 18, 2004 at 11:47:38PM -0400, Bradley Alexander wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Sunday 18 July 2004 23:11, Matt Zimmerman wrote:
> > As you have repeatedly confirmed, the security team is very busy.
>
> Matt,
>
> Is there anything I can do to help? I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 18 July 2004 23:11, Matt Zimmerman wrote:
> As you have repeatedly confirmed, the security team is very busy.
Matt,
Is there anything I can do to help? I am a security engineer, but not a
programmer. Let me know what you need done.
> Gene
On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote:
> Or is there some reason filing bugs like I described here isn't
> wanted?
As you have repeatedly confirmed, the security team is very busy.
Generally, if an issue doesn't affect stable, I don't track it at all.
If an issue d
Could you guys please stop sending cc:s my way? Debian list policy
suggests not to do this, and I never requested cc:s.
Thank you.
-- vbi
On Saturday 10 July 2004 17.37, Florian Weimer wrote:
> * Jeroen van Wolffelaar:
> >> Actually, it's rather time-consuming to determine if a security
> >> vul
* Jeroen van Wolffelaar:
>> Actually, it's rather time-consuming to determine if a security
>> vulnerability has been published. You have to discover the
>> publication, and then you have to decide whether it's actually the
>> same issue and if it's been disclosed completely.
>
> The first thing
On Sat, Jul 10, 2004 at 12:29:11PM +0200, Florian Weimer wrote:
> * Adrian von Bidder:
>
> > I think Jeroen is thinking about security problems the security team
> > already knows about but has not yet had time to handle (and which have
> > already been made public somewhere else.) Stupid if som
* Adrian von Bidder:
> I think Jeroen is thinking about security problems the security team
> already knows about but has not yet had time to handle (and which have
> already been made public somewhere else.) Stupid if somebody has to
> search the sources *again* if the security team already ha
On Wednesday 07 July 2004 18.28, Matt Zimmerman wrote:
> On Wed, Jul 07, 2004 at 01:17:01PM +0200, Jeroen van Wolffelaar wrote:
> > On Wed, Jul 07, 2004 at 02:49:54AM +0200, Javier Fernández-Sanguino Peña wrote:
> > > Why does the security team have to do this? Anybody can do it.
> > Not without
On Wed, Jul 07, 2004 at 01:17:01PM +0200, Jeroen van Wolffelaar wrote:
> On Wed, Jul 07, 2004 at 02:49:54AM +0200, Javier Fernández-Sanguino Peña wrote:
> > Why does the security team have to do this? Anybody can do it.
>
> Not without spending lots of time crawling through security lists,
> CAN/
On Wed, Jul 07, 2004 at 02:49:54AM +0200, Javier Fernández-Sanguino Peña wrote:
> On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote:
> > Hi,
> >
> > As I promised in [1], a suggestion for the Debian security team.
> >
> > Since the security team is generally very busy sorting
On Tue, Jul 06, 2004 at 11:51:21PM +0200, Jeroen van Wolffelaar wrote:
security issues. I'll post a list of a few of such issues here later
tonight, that are exactly issues that could have been filed in the BTS.
If you really have so much time I'm sure you can find better things to
do than post lis
On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote:
> Hi,
>
> As I promised in [1], a suggestion for the Debian security team.
>
> Since the security team is generally very busy sorting out any kind of
> vulnerability, sometimes fixes can take a little bit longer than usual,
>
On Tue, Jul 06, 2004 at 10:39:09PM +0200, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > mdz told me this isn't done for practical reasons: the BTS isn't very
> > suitable for tracking which versions are affected, and a sid upload can
> > close such a bug while it's still in
In article <[EMAIL PROTECTED]> you wrote:
> mdz told me this isn't done for practical reasons: the BTS isn't very
> suitable for tracking which versions are affected, and a sid upload can
> close such a bug while it's still in woody. While I think it'd still be
> possible without too much hassle, i
On Tue, Jul 06, 2004 at 09:13:18PM +0200, Jeroen van Wolffelaar wrote:
> On Tue, Jul 06, 2004 at 03:08:38PM -0400, Michael Stone wrote:
> > On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote:
> > >As an example, take CAN-2004-0519, CAN-2004-0520 and CAN-2004-0521, all
> > >three
On Tue, Jul 06, 2004 at 03:08:38PM -0400, Michael Stone wrote:
> On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote:
> >As an example, take CAN-2004-0519, CAN-2004-0520 and CAN-2004-0521, all
> >three not yet solved in woody, but also not filed in the BTS (hm, two of
> >them dire
On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote:
As an example, take CAN-2004-0519, CAN-2004-0520 and CAN-2004-0521, all
three not yet solved in woody, but also not filed in the BTS (hm, two of
them directly refer to a patch[2][3] solving it...).
Go ahead and file the bug.
Mik
Hi,
As I promised in [1], a suggestion for the Debian security team.
Since the security team is generally very busy sorting out any kind of
vulnerability, sometimes fixes can take a little bit longer than usual,
especially if the impact is relatively low.
Taking the Social Contracts 'We will not
On Tue, 24 Sep 2002, Johann Beretta wrote:
> > I suggest you first read:
> > http://home.rica.net/alphae/419coal/
> >
> > Which clearly describes the working of this scam... Just ignore it, or
> > send it on to the relevant government agency...
>
> He was being sarcastic... Everyone knows it's
also sprach Mark Janssen <[EMAIL PROTECTED]> [2002.09.24.0914 +0200]:
> I suggest you first read:
> http://home.rica.net/alphae/419coal/
>
> Which clearly describes the working of this scam... Just ignore it, or
> send it on to the relevant government agency...
I don't think that Brad was very se
> I suggest you first read:
> http://home.rica.net/alphae/419coal/
>
> Which clearly describes the working of this scam... Just ignore it, or
> send it on to the relevant government agency...
>
He was being sarcastic... Everyone knows it's a scam..
On Tue, 2002-09-24 at 09:07, Brad Corsello wrote:
>
> I propose that we accept Dr. Adams's proposal and use the windfall to fund
> Debian development. Who wants to put up the money for his "fees?"
>
> >From: "Dr. Kola Adams" <[EMAIL PROTECTED]>
I propose that we accept Dr. Adams's proposal and use the windfall to fund
Debian development. Who wants to put up the money for his "fees?"
From: "Dr. Kola Adams" <[EMAIL PROTECTED]>
Reply-To: "Dr. Kola Adams" <[EMAIL PROTECTED]>
To:
Subjec
24 September 2002
From:Kola Adams
[EMAIL PROTECTED]
Dear Sir,
PRIVATE & CONFIDENTIAL
My search for a trustworthy individual/firm has led me to you. I have
access to what most firms and individuals need the most-FUNDS; but I lack
the full manpower (contacts) to put the funds to good use.
The
On Mon, Jun 24, 2002 at 07:33:12AM -0400, Anthony DeRobertis wrote:
>
> On Sunday, June 23, 2002, at 05:21 , Matthew Sackman wrote:
>
> >If I've missed something obvious, please shout at me ;-)
>
> Only problem is that a Snort that has reached its second
> birthday may not be happy with the new
On Sunday, June 23, 2002, at 05:21 , Matthew Sackman wrote:
If I've missed something obvious, please shout at me ;-)
Only problem is that a Snort that has reached its second
birthday may not be happy with the new definitions.
On Sunday, June 23, 2002, at 01:29 , Peter Cordes wrote:
Still, is anybody working on adding rsync support to apt?
That would, CPU-wise, kill the server. Last I checked (and
please correct me if the Samba folks have managed the
impossible), having hundreds of concurrent rsyncs running is no
On Sun, Jun 23, 2002 at 04:51:20PM -0400, Phillip Hofmeister wrote:
> > Well, still binary patching could be implemented (although, in a rather
> > obscure way) using pre-install scripts which would patch the definition
> > files. However, this would require two packages providing the same
> > ver
> Well, still binary patching could be implemented (although, in a rather
> obscure way) using pre-install scripts which would patch the definition
> files. However, this would require two packages providing the same
> version of the definition files (a patch package and a complete
> new-version p
On Sun, Jun 23, 2002 at 11:49:02AM -0500, Steve Langasek wrote:
> On Sun, Jun 23, 2002 at 01:25:56PM -0300, Peter Cordes wrote:
> > On Sun, Jun 23, 2002 at 12:46:27AM +0300, Pavel Minev Penev wrote:
> > > I would think of using xdelta, or similar to distribute changes as
> > > binary patches, since
On Sun, Jun 23, 2002 at 11:49:02AM -0500, Steve Langasek wrote:
> On Sun, Jun 23, 2002 at 01:25:56PM -0300, Peter Cordes wrote:
> > Unfortunately, it's probably too late to integrate rsync into the whole apt
> > system, so it can rsync stuff in /var/cache/apt/archives.
>
> First thing's first: we
On Sun, Jun 23, 2002 at 01:25:56PM -0300, Peter Cordes wrote:
> On Sun, Jun 23, 2002 at 12:46:27AM +0300, Pavel Minev Penev wrote:
> > I would think of using xdelta, or similar to distribute changes as
> > binary patches, since there could be a real server overload when a few
> > hundred administra
On Sun, Jun 23, 2002 at 12:46:27AM +0300, Pavel Minev Penev wrote:
> I would think of using xdelta, or similar to distribute changes as
> binary patches, since there could be a real server overload when a few
> hundred administrators and mere people start downloading the brand new
> definitions si
On Sat, 22 Jun 2002 16:45:05 -0400
"Phillip Hofmeister" <[EMAIL PROTECTED]> wrote:
> On Sat, Jun 22, 2002 at 09:07:37PM +0100, Matthew Sackman wrote:
> > If you could draw up a list of packages that needs to be dealt with by
> > this new system then I would be glad to work through them in a couple
On Sat, Jun 22, 2002 at 12:21:12AM -0500, Steve Langasek wrote:
> Hello Matthew,
>
> I'm glad to see others thinking along the same lines. However,
> precisely because of the nature of the issues surrounding such packages
> -- the need for frequent updates even when running stable, the fact that
On Sat, Jun 22, 2002 at 09:07:37PM +0100, Matthew Sackman wrote:
> If you could draw up a list of packages that needs to be dealt with by
> this new system then I would be glad to work through them in a couple of
> weeks and work out which files are the ones that need new packages
> creating for th
On Sat, Jun 22, 2002 at 08:27:58AM -0500, Steve Langasek wrote:
> On Sat, Jun 22, 2002 at 06:24:39PM +1200, Nick Phillips wrote:
> > On Sat, Jun 22, 2002 at 12:21:12AM -0500, Steve Langasek wrote:
>
> > > I think it shouldn't be /too/ hard to find other developers interested
> > > in working on th
On Sat, Jun 22, 2002 at 06:24:39PM +1200, Nick Phillips wrote:
> On Sat, Jun 22, 2002 at 12:21:12AM -0500, Steve Langasek wrote:
> > I think it shouldn't be /too/ hard to find other developers interested
> > in working on this...
> For example, I intend in the near-ish future to make up-to-date m
't rely
on getting official support if you want to do this.
> I am putting this proposal forward for someone else to run with.
So, if someone does want to run with it, you probably should see about
setting up an apt-able archive on satie.debian.org (which is outside the
US -- note that th
On Sat, Jun 22, 2002 at 12:21:12AM -0500, Steve Langasek wrote:
> I think it shouldn't be /too/ hard to find other developers interested
> in working on this...
For example, I intend in the near-ish future to make up-to-date mailscanner
.debs available whether or not any other bunch of packages d
, this be logged as a security
> bug.
Incidentally, in addition to virus signatures, vulnerability scanners,
and IDS definitions, I also nominate spam signatures (spamassassin) for
inclusion in such an archive.
> I am putting this proposal forward for someone else to run with. I have
> a lot o
that this will augment things like the Debian Gibraltar
firewall, and email server projects etc.
I am putting this proposal forward for someone else to run with. I have
a lot of commitments to the Linux Aid Server project
(http://www.anathoth.gen.nz) and I have found that I have had to devote
On Fri, Mar 02, 2001 at 07:13:22PM +1100, Steve wrote:
> Hi,
>
> Would it be possible for the latest version of OpenSSH (2.5.1 in
> unstable) to be back-ported to potato and added to proposed updates
> once it enters testing.
>
I second that.
>
> Disclaimer: I am not a developer. However, I am
Hi,
Would it be possible for the latest version of OpenSSH (2.5.1 in
unstable) to be back-ported to potato and added to proposed updates
once it enters testing.
I propose this due to the recent set of ssh vulnerabilities most (all?)
of which didn't apply to 2.3.0, and the concerns over the fundam
On 13 Feb 2001, at 17:14, Paul Haesler wrote:
> All,
>
> Carlos wrote:
> > Sorry to disturb you all, but I am not too interested in the huge
> > threads that have appeared in debian-security lately. I subscribed
> > to this list mostly to get noticed of security problems in the
> > distribution i
All,
Carlos wrote:
> Sorry to disturb you all, but I am not too interested in the huge
> threads that have appeared in debian-security lately. I subscribed to
> this list mostly to get noticed of security problems in the
> distribution itself, and it seems like people are using it to get
> answers
On Tue, Feb 13, 2001 at 02:29:19AM -0200, Carlos Laviola wrote:
> Sorry to disturb you all, but I am not too interested in the huge threads
> that have appeared in debian-security lately. I subscribed to this list
> mostly to get noticed of security problems in the distribution itself, and
> it see
This is from the Debian mailing list subscribe page at:
http://www.debian.org/MailingLists/subscribe
debian-security-announce
The security team informs the users about security problems here. Mainly
security advisories covering fixed packages are released.
Moderated:
Sorry to disturb you all, but I am not too interested in the huge threads
that have appeared in debian-security lately. I subscribed to this list
mostly to get noticed of security problems in the distribution itself, and
it seems like people are using it to get answers now (like debian-user
focused
On Sunday, 2000-12-24 at 02:59:23 +1100, Peter Eckersley wrote:
> I threw together a detailed design proposal for a simpler system; it's
> sitting at
> http://www.cs.mu.oz.au/~pde/antiparanoia/design.txt
> I've started implementing a few bits and pieces of it, but I'
Peter Eckersley <[EMAIL PROTECTED]> wrote:
> I've started implementing a few bits and pieces of it, but I'd
> appreciate comments and constructive criticism before I do too much.
The basic goal looks nice (especially the Debian-specific part), however
on the implementation side... the need to rebo
Hello again...
Thank you to the people who offered encouragement, useful suggestions and
the opportunity to thoroughly defend my proposal :)
I investigated FreeVeracity as a possible basis for a Debian auditing
system. I'd actually seen the original announcement on slashdot, but
paid