Petter Reinholdtsen wrote: > [Thomas Viehmann] > >>For installation at least, a local root hole is completely >>irrelevant. (There is no root password and no users.) >>The only thing that needs to be ensured is that the installed kernel >>is not vulnerable. That means >>- until a new point release is made, stock kernels should be automatically >> upgraded via the security.d.o apt-lines, > > > This do not work as you expect it. The kernel used by b-f is copied > into place on the HD by b-f. There is no package to upgrade. No > kernel package is installed by b-f, and the people with a stock woody > will have the security problem until they manually install a new and > improved kernel. Yes. I see now. Sorry for the misinformation. Cheers T.
Description: PGP signature