Wow, I am sort of surprised that no one has responded to this thread. I guess my concerns must be trivial. I really did not want to switch away from this distro since it has worked so well for us for so many years, but my case for keeping it seems to be getting weaker and weaker since I have nothing to say that it is truly "secure", since there do not seem to be any mechanisms for making sure that the packages I am using are always kept up to date with the latest security patches. I guess my wish list would be having "apt-get" functionality. But I guess that that would add a lot of bulk to the current distro.

Troy

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Amerman
Sent: Monday, August 01, 2005 3:36 PM
To: [email protected]
Subject: RE: [leaf-user] Security and LEAF Bering UClibc

I'm sure that this topic is not new but it is probably one that should be brought up regularly in case there are new options as to how to address the issue.

My company, and other companies I work with (and I'm very sure we are not alone in this) would find it extremely valuable if there was a system/process where all the core LRPs were monitored for security bulletins. When one of these bulletins was to be released it would trigger a process of updating the LRP ASAP and letting everyone on, what may be a new list, that the update was available, a LEAF errata per se.

I think that people, including us, would contribute $ to see this put together, while not making it any kind of premium service, but available to everyone. It could just be a voluntary donation thing, or/also involve one or more bounties.

It would also be valuable if this task was taken on by something other than just an individual or group of individuals, but a business that has a large stake in things, or some organization with some structure. The idea on this is credibility and stability, not only in reality but from a perception standpoint. (Translate, I have to show my boss something that he can put some faith in.)

What do you think? What kind of discussion has happened in the past on this topic? Or what am I missing that is already in place to take care of this? (And yes, I will be searching the list archive to see what I can find, but we all know this is not as simple as it looks.)

Thanks!

Richard Amerman

> -----Original Message-----
> From: troy [mailto:[EMAIL PROTECTED]
> How do you handle security patches for packages? For example,
> if you were running a "full" Debian distro, a simple "apt-get
> update" would ensure that you pull down the latest security
> patches...
> What is the approach to making sure UClibc is secure...?

------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
