Re: Some clarifications about the Debian-security-HOWTO

2004-02-20 Thread Matt Zimmerman
On Fri, Feb 20, 2004 at 01:14:43PM +0100, Gian Piero Carrubba wrote: > From > http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s9.1.6 > > > When a security fix is prepared, packages are prepared for unstable > > and the patch is back ported to stable (since stable is usually so

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-20 Thread Matt Zimmerman
On Fri, Feb 20, 2004 at 02:34:37PM +0100, Adrian von Bidder wrote: > I think this is the time where I'd like to see some hard data. Which DSA's > would possibly have been released differently if such a reorganisation would > have been in place? Absolutely none. The proposed "reorganization" wa

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-20 Thread Michael Stone
On Fri, Feb 20, 2004 at 02:34:37PM +0100, Adrian von Bidder wrote: In other cases, that entity discloses information only to a select few parties, amongst them the non-CERT Debian security team. This is the one case where that scheme does make a difference. Has this ever happened in the past? T

Re: Delayed disclosure and Debian manifesto (was Re: DSA 438 - bad server time, bad kernel version or information delayed?)

2004-02-20 Thread Gian Piero Carrubba
On Fri, 2004-02-20 at 12:13, Michael Stone wrote: > >Well, I really don't want to feed a troll, but this is a theme I'm > >wondering about for a while... > > Then do a web search. It's been discussed before in way too much detail > and repeating the arguments just brings out the trolls. Y

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-20 Thread Adrian von Bidder
On Friday 20 February 2004 13.40, Simon Josefsson wrote: > Is it entirely impossible to have two security teams, or split the > current security team into two parts?  One part that patches Debian > packages as soon as technically possible, and one part that follows > various CERT timing requirement

Re: Some clarifications about the Debian-security-HOWTO

2004-02-20 Thread Michael Stone
On Fri, Feb 20, 2004 at 01:14:43PM +0100, Gian Piero Carrubba wrote: But this is not always true. Sometimes the DSA reports "For the unstable distribution (sid) these problems will be fixed soon." Why this? The security team has nothing to do with sid packages. If a fix is ready when the advi

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-20 Thread Michael Stone
On Fri, Feb 20, 2004 at 01:40:23PM +0100, Simon Josefsson wrote: Is it entirely impossible to have two security teams, or split the current security team into two parts? One part that patches Debian packages as soon as technically possible, and one part that follows various CERT timing requireme

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-20 Thread Simon Josefsson
Matt Zimmerman <[EMAIL PROTECTED]> writes: > On Thu, Feb 19, 2004 at 02:30:54PM +0100, Florian Weimer wrote: > >> Bernd S. Brentrup wrote: >> >> > On Wed, Feb 18, 2004 at 04:44:15PM -0500, Michael Stone wrote: >> > > On Wed, Feb 18, 2004 at 09:17:13PM +0100, Florian Weimer wrote: >> > > >Yes, thi

Some clarifications about the Debian-security-HOWTO

2004-02-20 Thread Gian Piero Carrubba
From http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s9.1.6 > When a security fix is prepared, packages are prepared for unstable > and the patch is back ported to stable (since stable is usually some > minor or major versions behind). Packages for the stable distribution > are

Re: Delayed disclosure and Debian manifesto (was Re: DSA 438 - bad server time, bad kernel version or information delayed?)

2004-02-20 Thread Michael Stone
On Fri, Feb 20, 2004 at 12:01:13PM +0100, Gian Piero Carrubba wrote: Well, I really don't want to feed a troll, but this is a theme I'm wondering about for a while... Then do a web search. It's been discussed before in way too much detail and repeating the arguments just brings out the trolls.

Delayed disclosure and Debian manifesto (was Re: DSA 438 - bad server time, bad kernel version or information delayed?)

2004-02-20 Thread Gian Piero Carrubba
On Fri, 2004-02-20 at 05:58, John Galt wrote: > "we won't hide problems" ... Well, I really don't want to feed a troll, but this is a theme I'm wondering about for a while... Shouldn't the delayed disclosure be regarded as a sort of, at least partially, infringement of the Debian manifesto

Re: 2.2 Kernel Fix

2004-02-20 Thread Sven Hoexter
On Fri, Feb 20, 2004 at 09:56:12AM +0100, Dariush Pietrzak wrote: > > 2.2 series of kernels, since they're apparently vulnerable too? > You can find the patch on bugtraq/isec/etc, attached is a peek at it I had a private discussion about this patch with someone from the Debian Security Team and he

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-20 Thread Florian Weimer
Matt Zimmerman wrote: > Note the "affordable, off-the-shelf". Matt, Debian is also sold on shelves. > The implication being that if you pay more to a proprietary software > vendor (and they typically are more expensive), then you'll be better > off security-wise. If you pay someone for the incr

Re: 2.2 Kernel Fix

2004-02-20 Thread Dariush Pietrzak
> 2.2 series of kernels, since they're apparently vulnerable too? You can find the patch on bugtraq/isec/etc, attached is a peek at it -- Dariush Pietrzak, Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9 --- linux/mm/mremap.c.security Sun Mar 25 20:31:03 2001 +++ linux/mm/

Re: [SECURITY] [DSA 443-1] New xfree86 packages fix multiple vulnerabilities

2004-02-20 Thread Jean Christophe ANDRÉ
On Friday 20 February 2004 at 08:45 (+0100), Adrian 'Dagurashibanipal' von Bidder wrote: > With the current thread in this list: thanks, Matt & team - I'm quite > satisfied with the way Debian handles security updates currently. I follow on this: I am more than satisfied with the security tea

Re: [SECURITY] [DSA 443-1] New xfree86 packages fix multiple vulnerabilities

2004-02-20 Thread Adrian 'Dagurashibanipal' von Bidder
With the current thread in this list: thanks, Matt & team - I'm quite satisfied with the way Debian handles security updates currently. And some people need to remind themselves that Debian is a volunteer project and is open source - so, if you want more/faster security updates, hire somebody

Re: DSA 438 - bad server time, bad kernel version or information delayed?

2004-02-20 Thread s. keeling
Incoming from Matt Zimmerman: > On Thu, Feb 19, 2004 at 09:12:42PM -0700, s. keeling wrote: > > > Incoming from Matt Zimmerman: > > > On Thu, Feb 19, 2004 at 02:24:42PM +0100, Florian Weimer wrote: > > > > > > > You don't. Tough luck, of course, but that's the price for running > > > > affordabl