
Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

From: Noah Meyerhans <noahm(at)debian.org>
Date: Fri Jan 11 2008 - 13:07:23 EST


On Fri, Jan 11, 2008 at 12:53:08PM -0500, Joey Hess wrote:
> Noah Meyerhans wrote:
> > We mention all the binary packages in the advisory because they're the
> > versions that are going to be installed by apt* and people are going
> > to want checksums, file sizes, etc.
>
> .. For no good reason, since apt checks all those things for you.
>
> That information is a confusing relic, and could be removed from the
> advisory templates.

I agree, but there's no consensus within the security team about this. The argument is that not all sites can or choose to use apt to install updated packages, and that we should make it reasonably convenient for these sites to verify package integrity via other means.

noah

Received on Fri Jan 11 13:09:31 2008

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:12 EDT

