Re: making Debian secure by default
On Fri, 29 Mar 2024 16:53:04 +0000
Andy Smith <andy@strugglers.net> wrote:
> Hello,
>
> On Thu, Mar 28, 2024 at 05:47:44PM -0000, Curt wrote:
> > On 2024-03-28, Greg Wooledge <greg@wooledge.org> wrote:
> > >
> > > A more proactive endeavor would be to document known best
> > > practices
> >
> > It makes no fucking difference, because your important data is
> > elsewhere and completely out of your control.
>
> I WAS going to gently suggest that you have a lie down in a cool,
> shaded room, but which of us had this on our 2024 bingo card?
>
> https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> (Upstream xz/lzma project compromised, hostile code inserted into
> sshd in Debian sid and other leading edge distros.)
>
Hah! Most of us remember Heartbleed.
He's actually referring to credentials stored externally being
compromised. I'm not sure what can be done about that: maybe make some
kind of, you know, law, about storing sensitive data, and prosecuting
people who are responsible for failure to keep it secure... nothing
like accountability for discouraging negligence.
--
Joe