On Fri, Jun 18, 2010 at 2:33 PM, Andres P wrote:
> On Fri, Jun 18, 2010 at 1:18 AM, Jeffrey 'jf' Lim wrote:
>>
>> ah yes, SSL! sorry :)
>>
>
> On 2006-05-01 22:34:12, Ulf Möller, openssl developer [1], responded
> [2] to openssl packager Kurt Roeckx [3] saying that he was for
> applying the patch
On Fri, Jun 18, 2010 at 1:18 AM, Jeffrey 'jf' Lim wrote:
>
> ah yes, SSL! sorry :)
>
On 2006-05-01 22:34:12, Ulf Möller, openssl developer [1], responded
[2] to openssl packager Kurt Roeckx [3] saying that he was for
applying the patch just to keep valgrind quiet.
But openssl doesn't like to tal
On Fri, Jun 18, 2010 at 1:25 PM, Andres P wrote:
> On Thu, Jun 17, 2010 at 10:18 PM, Jeffrey 'jf' Lim
> wrote:
>> On Fri, Jun 18, 2010 at 8:33 AM, C Anthony Risinger wrote:
>>>
>>> security is the responsibility of those deploying, not those
>>> packaging. it requires end-to-end oversight and
On Thu, Jun 17, 2010 at 10:18 PM, Jeffrey 'jf' Lim wrote:
> On Fri, Jun 18, 2010 at 8:33 AM, C Anthony Risinger wrote:
>>
>> security is the responsibility of those deploying, not those
>> packaging. it requires end-to-end oversight and complete
>> configuration toward a specific and particular
On Fri, Jun 18, 2010 at 8:33 AM, C Anthony Risinger wrote:
>
> security is the responsibility of those deploying, not those
> packaging. it requires end-to-end oversight and complete
> configuration toward a specific and particular purpose; something that
> is not possible for those creating a di
On Thu, Jun 17, 2010 at 6:12 PM, Burlynn Corlew Jr wrote:
> I am going to vote that you please do not CC all of this to arch-general.
> Many of us are not concerned with this, and already this afternoon I've seen
> enough mail regarding it that I can see it as a problem. The arch-security
> list h
On Thu, Jun 17, 2010 at 1:32 PM, Ananda Samaddar wrote:
> I've created a Google Group here for discussion around creating an Arch
> Security Team:
>
> http://groups.google.com/group/arch-security
>
> Please join it if you're interested. The reason for this group is in
> response to my rejected su
On Friday 18 of June 2010 00:35:19 Miah Johnson wrote:
> I think there is much more that can be done besides the short list from
> Ananda. The thing you have to remember is that "security" does not mean
> "I'm running the newest code.".
>
> Things to remember:
> 1. There is no such thing as "secur
On Fri, 18 Jun 2010 01:00:57 +0200, Ng Oon-Ee wrote:
My OPINION is that Arch is not a distro for those who do not want to do
regular total updates. Of course, some have individual packages in
NoUpgrade, but the number of problems which crop up which come down to
"you didn't run pacman -Syu!" is
Comments interspersed on a few points.
On Thu, 2010-06-17 at 15:35 -0700, Miah Johnson wrote:
> I think there is much more that can be done besides the short list from
> Ananda. The thing you have to remember is that "security" does not mean "I'm
> running the newest code.".
>
> Things to remembe
On Fri, 18 Jun 2010 00:35:19 +0200, Miah Johnson wrote:
Things to remember:
1. There is no such thing as "secure".
2. Proper security consists of multiple layers of defense.
Additional examples of things the AST could do:
1. Propose changes to default configuration files to be "more secure",
I think there is much more that can be done besides the short list from
Ananda. The thing you have to remember is that "security" does not mean "I'm
running the newest code.".
Things to remember:
1. There is no such thing as "secure".
2. Proper security consists of multiple layers of defense.
Add
On Thu, 17 Jun 2010 20:57:56 +0200, Ananda Samaddar
wrote:
1. Check for vulnerabilities
2. Know how to use PKGBUILDS and abs
3. Can spare some time to send announcements, create interim PKGBUILDs
and file security issues on the bug tracker.
1. [testing] users do that
2. [testing] users, Dev
On Thu, 17 Jun 2010 13:45:17 -0500
Dan McGee wrote:
>
> Sounds like a blast from the past:
> http://wiki.archlinux.org/index.php/Security_Task_Force
> http://code.google.com/p/arch-sheriff/
>
> Best of luck this time around.
>
> -Dan
As I've mentioned before, I don't think getting the process
Cool. I just joined.
-Miah
On Thu, Jun 17, 2010 at 11:45 AM, Dan McGee wrote:
> On Thu, Jun 17, 2010 at 1:32 PM, Ananda Samaddar
> wrote:
> > I've created a Google Group here for discussion around creating an Arch
> > Security Team:
> >
> > http://groups.google.com/group/arch-security
> >
> >
On Thu, Jun 17, 2010 at 1:32 PM, Ananda Samaddar wrote:
> I've created a Google Group here for discussion around creating an Arch
> Security Team:
>
> http://groups.google.com/group/arch-security
>
> Please join it if you're interested. The reason for this group is in
> response to my rejected su
I've created a Google Group here for discussion around creating an Arch
Security Team:
http://groups.google.com/group/arch-security
Please join it if you're interested. The reason for this group is in
response to my rejected suggestion for an arch-security mailing list.
I'll CC any policy or pro
17 matches
Mail list logo
