On Tue, Jun 19, 2001 at 11:14:06PM +0200, Julien Dupre wrote:
> My idea is not to look at security alerts but trust
> that debian maintainers will do it, I have a daily cron
> job which mails me if "apt-get -s upgrade" says something
> should be upgraded, is this not reasonable ?

No, it's not very reasonable! Subscribe to debian-security-announce if you want to know what's going on! It is very low traffic, which is a good thing, considering that every message on it is a security bulletin.

> Is there any case where a package with a known exploit
> was not upgraded quickly in stable ?

The mirror you use will have some delay getting packages. For local exploits, you can just wait until the fix is in unstable, or whatever, since you probably trust your local users anyway. For remote exploits like the one against SSH, make sure you do something about it to keep your machine safe, or at least check that it already is safe.

-- 
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
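The daily cron check from the quoted question, as an added example that is not part of either message: it reads `apt-get -s upgrade` output and separates upgrades that come from a security archive from routine ones. It assumes the `Inst <pkg> [<installed>] (<candidate> <origin> [<arch>])` line format that current apt prints; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the simulated upgrade list from "apt-get -s upgrade".
# Assumption: Inst lines look like
#   Inst <pkg> [<installed>] (<candidate> <origin> [<arch>])

# Constructed sample output (not taken from a real host).
sample_output() {
cat <<'EOF'
Reading package lists...
Building dependency tree...
Inst openssh-server [1:8.4p1-5] (1:8.4p1-5+deb11u1 Debian-Security:11/stable-security [amd64])
Inst vim-common [2:8.2.2434-3] (2:8.2.2434-3+deb11u1 Debian:11.7/stable [all])
Inst libssl1.1 [1.1.1n-0+deb11u3] (1.1.1n-0+deb11u4 Debian-Security:11/stable-security [amd64])
Conf openssh-server (1:8.4p1-5+deb11u1 Debian-Security:11/stable-security [amd64])
EOF
}

# Print "pkg installed -> candidate" for upgrades whose origin names a security archive.
security_pending() {
    awk '$1 == "Inst" && /\(/ {
        paren = $0; sub(/^[^(]*\(/, "", paren); sub(/\).*$/, "", paren)
        split(paren, f, " ")                      # f[1] = candidate version
        origin = paren; sub(/^[^ ]+ /, "", origin) # rest = origin and arch
        old = ($3 ~ /^\[/) ? substr($3, 2, length($3) - 2) : "(new)"
        if (tolower(origin) ~ /security/) print $2, old, "->", f[1]
    }'
}

# Count every pending upgrade, security or not.
pending_count() { awk '$1 == "Inst" { n++ } END { print n + 0 }'; }

# Summarise stdin; return 1 when a security upgrade is pending so the
# calling cron job can treat that case as urgent.
report() {
    out=$(cat)
    sec=$(printf '%s\n' "$out" | security_pending)
    total=$(printf '%s\n' "$out" | pending_count)
    echo "pending upgrades: $total"
    if [ -n "$sec" ]; then
        echo "SECURITY upgrades pending:"
        printf '%s\n' "$sec"
        return 1
    fi
    return 0
}

# Demo on the constructed sample.
sample_output | report || true
```

On a real host the input would be `apt-get -s upgrade | report`, run after `apt-get update`. It can only report what the configured mirror already carries, which is the delay the reply above points out.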

