Debian security list (was Re: security)
email@example.com (Bernd Eckenfels) writes:
> > /* Mount Exploit for Linux, Jul 30 1996
> whats your version of the mount package? Should be fixed long ago... (if it
> isnt another bug in mount):
> Wed Aug 21 13:10:46 1996 Guy Maor <firstname.lastname@example.org>
> (Debian 1.1.6)
> o Added mount 2.5l-1
> Fixes major security hole.
It seems to me that Bernd Eckenfels did not known about the mount security
hole. As I know, the unique place where you can know that there are some
packages that MUST be updated due to security holes are linux-security,
perhaps linux-alert (but I do not sign it), and debian-users. The USENET
c.o.l.a too. RedHat normally warns about security holes in
redhat-announce-list and I think it is great. IMO, debian-users is too much
noise to be the unique debian list to have this warning.
My suggestion is that: either we create a debian-security-list or advice
about security-hole updated packages in debian-announce. Furthermore, I
suggest that, during the installation, there is an advice that people subject
to security holes problems MUST sign this list.
Alair Pereira do Lago <email@example.com> <http://www.ime.usp.br/~alair>
Computer Science Department -- Universidade de S~ao Paulo -- Brazil
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com