On Tue, 16 May 2017, Lars Wirzenius wrote: > If we were to do so, it should be something that helps victims, or > those in danger of becoming victims, of this non-verbal attack. Maybe > something along the lines of keeping one's systems up to date with > security updates, and having good, secure backups that an attacker > can't destroy. But that advice is already being given by numerous > others so I'm sure it's worth Debian doing it too, if for no other > reason that very few Windows users pay any attention to Debian.
Actually, we might want to issue an statement to _Debian_ users reminding them the value and necessity of keeping their Debian systems up-to-date. Maybe point to our automated solutions that remind and/or apply security updates automatically. Our users should also be reminded of the risk of allowing very old Debian releases that are no longer supported to connect to a network... It is probably worth it to also remind users that they must also keep track of firmware updates on Intel and AMD systems for platform-level fixes (Intel ME, Ryzen and Kabilake microcode, usual BIOS/UEFI platform bugs that cause severe issues with the Linux kernel). Debian cannot do this for them. -- Henrique Holschuh
