On 10:57 Thu 24 Apr 2014, Paul Wise wrote:
> ..[snip]..
> https://wiki.debian.org/Hardening/Goals
Regarding the line (at that page):

> Refuse to install packages that are known to have X number of unplugged
> exploits (i.e. X number of open security bugs in the bug tracker) unless
> e.g. --allow-vulnerable-packages is used. This makes it clear that you are
> installing software that is vulnerable.

I suggest it might be better if exploits were each given a quick/approximate "ranking" in terms of severity (and if the severity is unknown it could be assigned a default median ranking), so that the algorithm you mention wouldn't just add the number of unplugged exploits, but add them by weight. For example: the recent Heartbleed exploit would be worth more than a few smaller exploits in less critical software, and would be calculated as such...

--
PGP fingerprint: BB0A 0787 C0EE BDD8 7F97 3D30 49F2 13A5 265D CCBD

Archive: https://lists.debian.org/20140424080627.GB31307@hernia
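The severity-weighted install gate proposed above, as an added example that is not part of the original mail or of any Debian tooling. The severity scale, its weights, the threshold and the sample bug records are constructed assumptions; the only thing taken from the mail is the rule itself (sum by weight, unknown severity gets the median, an explicit override flag lets the install proceed).

```python
from dataclasses import dataclass
from statistics import median
from typing import List, Optional, Tuple

# Assumed severity scale and weights (constructed; the mail names none).
SEVERITY_WEIGHT = {
    "unimportant": 0.0,
    "low": 1.0,
    "medium": 3.0,
    "high": 7.0,
    "critical": 10.0,
}
# Unknown or unrecognised severity is scored at the median weight, as the
# mail suggests: median of (0, 1, 3, 7, 10) is 3.0.
DEFAULT_WEIGHT = median(SEVERITY_WEIGHT.values())


@dataclass
class OpenSecurityBug:
    bug_id: str                      # constructed identifier, not a real bug
    severity: Optional[str] = None   # None means not yet assessed


def weighted_score(bugs: List[OpenSecurityBug]) -> float:
    """Sum the severity weights instead of counting open bugs."""
    return sum(SEVERITY_WEIGHT.get(b.severity, DEFAULT_WEIGHT) for b in bugs)


def install_decision(package: str, bugs: List[OpenSecurityBug],
                     threshold: float,
                     allow_vulnerable: bool = False) -> Tuple[bool, float, str]:
    """Return (allowed, score, reason) for installing `package`.

    `allow_vulnerable` plays the role of --allow-vulnerable-packages from
    the wiki text: it does not lower the score, it only records the override.
    """
    score = weighted_score(bugs)
    if score < threshold:
        return True, score, f"{package}: score {score} below threshold {threshold}"
    if allow_vulnerable:
        return True, score, f"{package}: score {score} over threshold, overridden"
    return False, score, f"{package}: refused, score {score} >= {threshold}"


# Constructed sample data: one critical bug outweighs three low ones even
# though a plain count (1 vs 3) would rank them the other way round.
ONE_CRITICAL = [OpenSecurityBug("BUG-1", "critical")]
THREE_LOW = [OpenSecurityBug(f"BUG-{i}", "low") for i in range(2, 5)]
UNASSESSED = [OpenSecurityBug("BUG-5")]

if __name__ == "__main__":
    for pkg, bugs in (("libfoo", ONE_CRITICAL), ("libbar", THREE_LOW), ("libbaz", UNASSESSED)):
        print(install_decision(pkg, bugs, threshold=8.0)[2])
```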