intrigeri: > Hi, > > Maxim Kammerer wrote (06 Aug 2013 09:52:36 GMT) : >> Tails references upstream advisories, or at least did so in the past. >> https://tails.boum.org/security/Numerous_security_holes_in_0.18/ > > Right, and we have no plan to stop doing this. What we've been doing > for years when releasing a new Tails that fixes security issues (that > is, basically every single one we've put out) is: > > 1. Users are told "your version of Tails has known security issue" on > startup if needed; this one has a link to a security announce like > the one Maxim pointed to. >
Seems reasonable. > 2. We issue a release announcement, such as > https://tails.boum.org/news/version_0.19/, that starts with "All > users must upgrade as soon as possible", but doesn't point to the > corresponding security advisory. After reading this thread, > I wonder if we should perhaps change this, and have this sentence > link to the security advisory. I tend to think that cross linking is a good idea. All the best, Jacob -- Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech