Re: debian.org/security is wrong to say what it does

To: debian-user@lists.debian.org
Subject: Re: debian.org/security is wrong to say what it does
From: maxwillb <maxwillb@mailfence.com>
Date: Sun, 26 Dec 2021 21:36:47 +0100 (CET)
Message-id: <[🔎] 600413121.535764.1640551007058@ichabod.co-bxl>
In-reply-to: <[🔎] YchfOiBhmDWG3Eac@einval.com>
References: <[🔎] 461915924.365881.1640387246679@ichabod.co-bxl> <[🔎] YccT2zGMlPm7E5wu@einval.com> <[🔎] 240282256.412431.1640442971976@ichabod.co-bxl> <Ycc169WpEGYNBkuj@einval.com> <[🔎] 1938169314.453842.1640477993202@ichabod.co-bxl> <[🔎] YchfOiBhmDWG3Eac@einval.com>

December 26, 2021 1:25:30 PM CET "Andrew M.A. Cater" <amacater@einval.com> wrote:

> but that doesn't mean that everything marked as vulnerable is still at risk.

I couldn't understand what you meant, and figured you were referring to some extra hardening done by Debian. Did some googling, and apparently, it's the opposite. Debian disables Chromium's own hardening?

https://www.whonix.org/wiki/Dev/Chromium#Chromium_Debian_Package_Security

"""
Thus, the Debian Chromium has substantially worsened
security than an official version. However, despite this,
it may still be more secure than Firefox (Firefox never
had many of the disabled mitigations in the first place).
"""

> If you're unhappy with data presentation, feel free to contact the security team

Am I the only one unhappy with it? Are you happy with it?

-- 
Sent with https://mailfence.com  
Secure and private email

Reply to:

Follow-Ups:
- Re: debian.org/security is wrong to say what it does
  - From: "Andrew M.A. Cater" <amacater@einval.com>

References:
- How to see the list of CRITICALLY vulnerable packages in Debian?
  - From: maxwillb <maxwillb@mailfence.com>
- Re: How to see the list of CRITICALLY vulnerable packages in Debian?
  - From: "Andrew M.A. Cater" <amacater@einval.com>
- Re: How to see the list of CRITICALLY vulnerable packages in Debian?
  - From: maxwillb <maxwillb@mailfence.com>
- debian.org/security is wrong to say what it does
  - From: maxwillb <maxwillb@mailfence.com>
- Re: debian.org/security is wrong to say what it does
  - From: "Andrew M.A. Cater" <amacater@einval.com>

Prev by Date: Re: Peak load handling by Debian repository servers ????
Next by Date: Re: debian.org/security is wrong to say what it does
Previous by thread: Re: debian.org/security is wrong to say what it does
Next by thread: Re: debian.org/security is wrong to say what it does
Index(es):
- Date
- Thread