| 1 |
> The list is to discuss functions relating to security itself, |
| 2 |
> how do you improve your system those kind |
| 3 |
> of things. warnings relating to security. anyone can post |
| 4 |
> questions to a list. |
| 5 |
What has SPAM todo with security?!
|
| 6 |
|
| 7 |
> Your gentoo system, is as secure as you the builder of that box, |
| 8 |
> set it up to be. If you emerge 'unsecure' |
| 9 |
> things, then you'll have an less than secure box. |
| 10 |
We're testing currently the gentoo distro if it can be used in a production environment. Within that test is also included the quality of the mailinglists of the maintainer of the distro, in this case Gentoo.
|
| 11 |
|
| 12 |
|
| 13 |
> So how does a public mailing list for discussing security issues |
| 14 |
> or announcements, have any bearing on the actual security of a product? |
| 15 |
They reflect on each other. Gentoo has setup a mailinglist where it's possible to send SPAM to, this only because the list is not moderated.
|
| 16 |
Mailinglist are easy stuff. And because the security of the mailinglist is not that good, so why should the distro than even have better security policy?
|
| 17 |
|
| 18 |
The gentoo maintainers have to decide whether a post is qualified to be posted to a list. And what if i announce on the security list that Gentoo has a enormous security bug in it's portage system, while it's not true.
|
| 19 |
|
| 20 |
We're subscribed on two mailinglists gentoo-security and gentoo-annouce. Almost every announcement we get three times! One send by the gentoo-security list, the other by the gentoo-annouce list and than we receive a annoucement over both lists..
|
| 21 |
|
| 22 |
Further, Announcement of new or upgraded packages shouldn't be on the security list, they belong on the accounce list. Announcements that contains bugs or bug-fixes they belong on the security list.
|
| 23 |
For example, what has the release of Gentoo 1.4rc1 todo with security?? That's clearly a announcement.
|
| 24 |
|
| 25 |
|
| 26 |
With best regards,
|
| 27 |
|
| 28 |
Dave Mertens - Unix Systems Manager
|
| 29 |
|
| 30 |
Innovative Solutions in Media BV
|
| 31 |
Schiekade 101
|
| 32 |
3033 BG Rotterdam, Netherlands
|
| 33 |
T +31-10-2436060
|
| 34 |
F +31-10-2436066
|
| 35 |
http://www.ism.nl
|
| 36 |
|
| 37 |
Quality Solutions - Reliable Partner |
Archives