Re: End-user laptop firewall available?
babataz baba...@free.fr writes: Here some basic configuration for iptables : If you want to configure these manually you need to also take care of ip6tables. Debian listens on a link-local ipv6 address by default. It can be accessed by anyone in the local network. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/84y53v2n38@sauna.l.org
Re: Script to System Check Integrity against Debian Package Repository
adrelanos adrela...@riseup.net writes: * No code within the untrusted system must be required to be executed in order for the check, since no code inside the vm image is trusted while testing. How about using https://github.com/devstructure/blueprint? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/84r4cme2yj@sauna.l.org
Re: Compromising Debian Repositories
adrelanos adrela...@riseup.net writes: Some Debian maintainers are working on deterministic builds, although they call it reproducible builds, that's great! Link: https://wiki.debian.org/ReproducibleBuilds Terminology is hard :) As mentioned in the bof we can make sure that the build is deterministic or we can record sources of randomness (gettimeofday calls etc.) and then replay then in subsequent builds. Would that still qualify as deterministic for you? See the references I added for deterministic virtual machines, their fight agaist the rdtsc instruction is exactly the same that we have with gettimeofday :) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/844nai8bwe@sauna.l.org