Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
On Wed, Oct 19, 2016 at 12:51:06PM -0200, Henrique de Moraes Holschuh wrote:
> On Tue, Oct 18, 2016, at 18:21, Florian Weimer wrote:
> > Right. Debian kernel updates can only be applied with a reboot. If
> > we publish a kernel update, its mere availability may put some of our
> > users out of compliance with their policies, which is why we batch
> > these updates.
>
> Is this correct? Really?
Well, in certain environments I would not be surprised by a security policy
that boils down to: "If a security patch from [authorized source] becomes
available, it must be applied to all applicable systems within [short time]."
Kind regards,
Alex.
--
"Opportunity is missed by most people because it is dressed in overalls and
looks like work." -- Thomas A. Edison
Reply to:
- References:
- Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
- Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
- From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
- Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
- From: Moritz Muehlenhoff <jmm@debian.org>
- Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
- Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
- From: Michael Stone <mstone@debian.org>
- Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
- Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
- From: Michael Stone <mstone@debian.org>
- Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
- From: Florian Weimer <fw@deneb.enyo.de>
- Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?
- From: Henrique de Moraes Holschuh <hmh@debian.org>