Hosting Provided By

Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

From: James Shupe <shupej(at)hermetek.com>
Date: Fri Jan 11 2008 - 13:20:31 EST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't think there is anything wrong with the templates... Just because it doesn't suit you specifically doesn't mean it doesn't help out somebody else. It's always better to have too much information than too little.

On Fri, January 11, 2008 1:07 pm, Noah Meyerhans wrote:
> On Fri, Jan 11, 2008 at 12:53:08PM -0500, Joey Hess wrote:
>> Noah Meyerhans wrote:
>> > We mention all the binary packages in the advisory because they're the
>> > versions that are going to be installed by apt* and people are going
>> > to want checksums, file sizes, etc.
>>
>> .. For no good reason, since apt checks all those things for you.
>>
>> That information is a confusing relic, and could be removed from the
>> advisory templates.
>
> I agree, but there's no concensus within the security team about this.
> The argument is that not all sites can or choose to use apt to install
> updated packages, and that we should make it reasonably convinent for
> these sites to verify package integrity via other means.
>
> noah
>
>

-- James Shupe HermeTek Network Solutions http://www.hermetek.com 1.866.325.6207

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iEYEARECAAYFAkeHs28ACgkQVwQZh6k43zofpgCcDe0YWVB9crD6lSnTQuag0HRN 0acAn2Eu2ErYpXkp/CCnxGQG6KbEWhJG
=PWa/
-----END PGP SIGNATURE-----

This Email is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is legally privileged. The information contained in this Email is intended only for use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by telephone 1.866.325.6207 and destroy the original message.

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Fri Jan 11 13:58:25 2008

This message: [ Message body ]
Next message: Darren Salt: "xine-lib (etch) buffer overflow fix"
Previous message: Noah Meyerhans: "Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability"
In reply to: Noah Meyerhans: "Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:12 EDT