1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
whoops, i forgot to send this to the list |
5 |
|
6 |
|
7 |
| well |
8 |
| here's another idea |
9 |
| instead of putting everything into virtuals (which would be incredibly |
10 |
| bad for a number of reasons) why don't you just personally decide what |
11 |
| you want to check for vulnerabilities and then do that |
12 |
| |
13 |
| emerge -up openssh openssl apache sudo |
14 |
| and so on |
15 |
| and wait for us to implement true security checking in portage (which is |
16 |
| ~ on it's way) via GLSA's |
17 |
| |
18 |
| Joshua Brindle |
19 |
| |
20 |
| Calum wrote: |
21 |
| | On Monday 09 February 2004 12:34 pm, Matt Steven wrote: |
22 |
| | |
23 |
| | |
24 |
| |>I like the idea of |
25 |
| |> |
26 |
| |> emerge -u security |
27 |
| |> |
28 |
| |>But specifying what sort of security threat it is seems a waste of |
29 |
| time, I |
30 |
| |>think for most of us a security hole is a security hole, and they should |
31 |
| |>all be patched asap. |
32 |
| | |
33 |
| | |
34 |
| | |
35 |
| | I think it's nice to have the choice. And maybe some users run |
36 |
| firewalls, or |
37 |
| | other servers where there are no local users. (I know I'd still |
38 |
| upgrade the |
39 |
| | local stuff too, but...) Or maybe they run servers in intranet |
40 |
| environments |
41 |
| | where they don't need to upgrade because of the chance of a DoS on |
42 |
| Apache. |
43 |
| | |
44 |
| | It's all about choice. |
45 |
| | |
46 |
| | |
47 |
| | -- |
48 |
| | gentoo-security@g.o mailing list |
49 |
| | |
50 |
| | |
51 |
| |
52 |
-----BEGIN PGP SIGNATURE----- |
53 |
Version: GnuPG v1.2.3-nr1 (Windows XP) |
54 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
55 |
|
56 |
iD8DBQFAJ7wtW5Y6NVK9A7gRAlG4AJ9i8tuAJSNQnPaJWwQl4SjtG2AQYwCgs33/ |
57 |
oyLIcp6IReUV1S/17agNuVI= |
58 |
=2Zj9 |
59 |
-----END PGP SIGNATURE----- |
60 |
|
61 |
-- |
62 |
gentoo-security@g.o mailing list |