I want to keep my OpenWRT install up to date, and rebuild whenever there are security updates. How do I do this? I've subscribed to openwrt-devel [1] and openwrt-users [2]. They have posts about some security updates (e.g. Heartbleed [3]), but not others (e.g. Shellshock [4]). (Or, maybe I missed a post about Shellshock?)
Is it enough to subscribe to openwrt-devel and openwrt-users to know about security updates? Or, do I need to subscribe to the upstream mailing list of every package I use? Ideally I'd like a list like debian-security-announce [5] that gets posts about security updates. I'd follow it, and rebuild as needed. Am I doomed to run an insecure router [6], or is there hope? [1] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel [2] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users [3] https://lists.openwrt.org/pipermail/openwrt-devel/2014-April/024661.html [4] https://en.wikipedia.org/wiki/Shellshock_%28software_bug%29 [5] https://lists.debian.org/debian-security-announce/ [6] https://www.eff.org/deeplinks/2014/08/def-con-router-hacking-contest-success-fun-learning-and-profit-many _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
