Re: Concerns about Security of packages in Debian OS and the Operating system itself.

2022-04-18 Thread Stephan Verbücheln
> I did the analysis (took 3 weeks) Do you have a publication of that analysis? I was thinking the same about the organization of Debian for some time but never did analysis or compared it to other distros. Also I'd like to add that reproducible builds are an excellent addition to the mechanisms yo

Reaction to potential PGP schism

2023-12-14 Thread Stephan Verbücheln
Hello everyone As you probably know, Debian relies heavily on GnuPG for various purposes, including: - developer communication - signing of tarballs and patches - automated processes such as update validation by APT The OpenPGP Working Group at IETF is currently working on a new standard. https:

Re: Reaction to potential PGP schism

2023-12-21 Thread Stephan Verbücheln
Interesting point in this talk: The APT team is already working on non-PGP signatures. https://wiki.debian.org/Teams/Apt/Spec/AptSign I can see the advantages of that for release signatures which use a rarely changing set of keys. However, I do not see any good alternative for PGP for personal s

Workaround for the GSM privilege escalation vulnerability

2024-04-12 Thread Stephan Verbücheln
Hello everyone At the moment, there are reports about unfixed privilege escalation vulnerabilities in the GSM kernel module (n_gsm) in the tech news. This kernel module is shipped with Debian by default. Two security researchers both claim credit for their discovery[1][2]. Neither researcher do no

Use ~/.ssh/config

2025-05-13 Thread Stephan Verbücheln
On Tue, 2025-05-13 at 11:39 +0100, Chris Boot wrote: > I don't think that your software _should_ offer cipher selection > options to override SSH defaults at all, instead just using the > default options. I second this. This way, the secure defaults will evolve over time with future releases of Op