[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#743892: please include security.debian.org in sources.list



Thanks for patching quickly all!

When can we expect the cloudfront.debian.net repos to be updated with the fix?

On Tue, Apr 8, 2014 at 8:03 AM, Anders Ingemann <anders@ingemann.de> wrote:
> Already merged about an hour ago ;-)
>
>
> Anders
>
>
> On 8 April 2014 16:57, Bromberger, James <jameseb@amazon.com> wrote:
>>
>> I've pushed a patch to bootstrap-vz that should fix this; pending review
>> and merge req pull by Anders.
>>
>>
>>
>>   James
>>
>>
>>
>>
>>
>> James Bromberger | Solution Architect | Amazon Web Services
>>
>> E: jameseb@amazon.com   P: +61 422 166 708   T:@JamesBromberger
>>
>>
>>
>> From: Jimmy Kaplowitz [mailto:jkaplowitz@google.com]
>> Sent: Tuesday, 8 April 2014 5:22 PM
>> To: Anders Ingemann; 743892@bugs.debian.org
>> Cc: Jonathan Landis
>> Subject: Bug#743892: please include security.debian.org in sources.list
>>
>>
>>
>> The http.debian.net source is presumably the wheezy version of this:
>>
>>
>>
>> http://www.debian.org/News/2011/20110215
>>
>>
>>
>> - Jimmy
>>
>>
>>
>> On Tue, Apr 8, 2014 at 12:02 AM, Anders Ingemann <anders@ingemann.de>
>> wrote:
>>
>> On 8 April 2014 02:48, Jonathan Landis <jkl@calibersecurity.com> wrote:
>> >
>> > Package: cloud.debian.org
>> >
>> > The heartbleed bug has created a situation in which servers must be
>> > upgraded immediately. At the moment the default mirrors listed in the Debian
>> > Wheezy AMI image don't have the patches yet, but security.debian.org does.
>> > So users of the existing image have to update sources.list on each of their
>> > servers if they want to get patched ASAP.
>> >
>> > Is there any reason not to include security.debian.org in sources.list
>> > by default?
>> >
>> >
>> > --
>> > To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
>> > with a subject of "unsubscribe". Trouble? Contact
>> > listmaster@lists.debian.org
>> > Archive: 53434779.2010007@calibersecurity.com">https://lists.debian.org/53434779.2010007@calibersecurity.com
>> >
>>
>> > Is there any reason not to include security.debian.org in sources.list
>> > by default?
>>
>> Not really. There is a hanging PR at
>> https://github.com/andsens/bootstrap-vz/pull/33
>> It's hanging because I never got an answer to my question: What's the
>> difference between:
>>
>> http://security.debian.org/  wheezy/updates ...
>> and
>> http://http.debian.net/  wheezy-updates ...
>> ?
>>
>> I am pretty sure only the first one should be there, but I can't for the
>> life of me figure out why wheezy-updates was added. Is it a bogus source?
>>
>> The source is here.
>>
>>
>>
>>
>
>


Reply to: