
Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't think there is anything wrong with the templates... Just because
it doesn't suit you specifically doesn't mean it doesn't help out somebody
else. It's always better to have too much information than too little.

On Fri, January 11, 2008 1:07 pm, Noah Meyerhans wrote:
> On Fri, Jan 11, 2008 at 12:53:08PM -0500, Joey Hess wrote:
>> Noah Meyerhans wrote:
>> > We mention all the binary packages in the advisory because they're the
>> > versions that are going to be installed by apt* and people are going
>> > to want checksums, file sizes, etc.
>>
>> .. For no good reason, since apt checks all those things for you.
>>
>> That information is a confusing relic, and could be removed from the
>> advisory templates.
>
> I agree, but there's no consensus within the security team about this.
> The argument is that not all sites can or choose to use apt to install
> updated packages, and that we should make it reasonably convenient for
> these sites to verify package integrity via other means.
>
> noah
>
>


- -- 
James Shupe
HermeTek Network Solutions
http://www.hermetek.com
1.866.325.6207

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iEYEARECAAYFAkeHs28ACgkQVwQZh6k43zofpgCcDe0YWVB9crD6lSnTQuag0HRN
0acAn2Eu2ErYpXkp/CCnxGQG6KbEWhJG
=PWa/
-----END PGP SIGNATURE-----

