Re: tailored security announcements for Debian Stable

2016-03-02 Thread Paul Wise
On Thu, Mar 3, 2016 at 12:38 AM, Jérôme Pinguet wrote: > I already knew about unattended upgrades but they sound a bit too risky > for production. > apticron is not security oriented and, as far as I know, it needs lots > of tweaking to limit itself to security updates. apticron supports sending

Re: Changing the "Reply-To:" for debian-security-announce

2016-03-02 Thread Don Armstrong
On Wed, 02 Mar 2016, Andrew Vaughan wrote: > I'm wondering why the body of the email doesn't include instructions on how > to unsubscribe? Because of DMARC and other message-body signing anti-spam measures. The headers of every single message we send do include instructions on how to unsubscribe,

Re: tailored security announcements for Debian Stable

2016-03-02 Thread Jérôme Pinguet
On 03/02/2016 04:45 PM, Andrew Deck wrote: > The existing tool for this (I think there may be multiple, but the one > I'm familiar with) is debsecan. > https://wiki.debian.org/DebianSecurity/debsecan > > Which seems to have all the features you'd want: > https://scottlinux.com/2015/04/01/debsecan-g

Re: [listes] tailored security announcements for Debian Stable

2016-03-02 Thread François Blondel
Hi, I guess you need something like apticron : https://packages.debian.org/fr/jessie/apticron Regards, François On 02/03/2016 16:17, Jérôme Pinguet wrote: Hello! I am Jérôme, I maintain a few Debian Stable and Old Stable servers. There a

Re: tailored security announcements for Debian Stable

2016-03-02 Thread Andrew Deck
The existing tool for this (I think there may be multiple, but the one I'm familiar with) is debsecan. https://wiki.debian.org/DebianSecurity/debsecan Which seems to have all the features you'd want: https://scottlinux.com/2015/04/01/debsecan-get-an-emailed-report-of-pending-debian-security-update

tailored security announcements for Debian Stable

2016-03-02 Thread Jérôme Pinguet
Hello! I am Jérôme, I maintain a few Debian Stable and Old Stable servers. There are lots of Debian Security Advisories for lots of packages, but, typically, I maintain servers whose packages lists are close to a freshly installed netinst iso. Has

RE: Changing the "Reply-To:" for debian-security-announce

2016-03-02 Thread Bart-Jan Vrielink
Hello, Why put it there if there is already a perfectly good standard, RFC 2369 (from 1998!, so about as new as IPv6) that describes where to put the mailing list information: in the headers of the mail. And guess what? That's exactly where the Debian lists already place this information.

Re: Changing the "Reply-To:" for debian-security-announce

2016-03-02 Thread Florent Rougon
Andrew Vaughan wrote: > I'm wondering why the body of the email doesn't include instructions on how > to unsubscribe? Most modern email clients [...] > Just adding "To unsubscribe email:debian-security-requ...@lists.debian.org > with the subject unsubscribe" at the bottom of every email might

Re: Changing the "Reply-To:" for debian-security-announce

2016-03-02 Thread Emiliano del Peon
Or it could be added just as a signature to the mail. Like: Content More content _ To unsubscribe send an email with subject: "Unsubscribe" to debian-secur...@lists.debia.org I think this clearly separates the content of the message

Re: Changing the "Reply-To:" for debian-security-announce

2016-03-02 Thread Andrew Vaughan
I'm wondering why the body of the email doesn't include instructions on how to unsubscribe? Most modern email clients will recognise http and email addresses and make them clickable even in plain text messages. I realise that adds noise to every message, but people are good at skimming past irrel

Re: Changing the "Reply-To:" for debian-security-announce

2016-03-02 Thread Florent Rougon
Alexander Wirt wrote: > Because people expect that they can answer a DSA. Okay, but what's the point? If someone has something valuable to say in response to a DSA: 1) he can find the debian-security list; 2) if he replies to the -announce list and gets a bounce because the Reply-To a

Re: Changing the "Reply-To:" for debian-security-announce (Was: "[SECURITY] [DSA 3501-1] perl security update")

2016-03-02 Thread Alexander Wirt
On Wed, 02 Mar 2016, Grond wrote: > I'll second this motion. > > A good proportion of the traffic I get from debian-security > is simply silly people trying to unsubscribe themselves from > debian-security-announce by replying to DSAs. > > And while most of them do not respond with empty threats

Re: Changing the "Reply-To:" for debian-security-announce (Was: "[SECURITY] [DSA 3501-1] perl security update")

2016-03-02 Thread Grond
I'll second this motion. A good proportion of the traffic I get from debian-security is simply silly people trying to unsubscribe themselves from debian-security-announce by replying to DSAs. And while most of them do not respond with empty threats of spam, the policy of setting the "Reply-To" ma

Unsubsribe

2016-03-02 Thread D Kh
On Mar 2, 2016 2:16 PM, "Carsten Aulbert" wrote: > Hi > > brief question for a possible addendum. I believe one should at least > restart services which are currently using openssl after patching it, > right, e.g. trying to figure out by lsof -n | grep openssl. > > (or reboot the machine) > > Wou

Re: [SECURITY] [DSA 3500-1] openssl security update

2016-03-02 Thread Paul Wise
On Wed, 2016-03-02 at 09:44 +0100, Carsten Aulbert wrote: > That one looks great (and yet another new thing learned today), although > the output is quite verbose and a few false positives, but overall quite > usable! Personally I prefer needrestart for various reasons. -- bye, pabs https://wi

Re: [SECURITY] [DSA 3500-1] openssl security update

2016-03-02 Thread Carsten Aulbert
Hi On 03/02/2016 09:36 AM, Paul Wise wrote: > Right. I would use one of the many existing implementations of this > rather than rolling your own: > > checkrestart (from debian-goodies) That one looks great (and yet another new thing learned today), although the output is quite verbose and a few

Re: [SECURITY] [DSA 3500-1] openssl security update

2016-03-02 Thread Paul Wise
On Wed, Mar 2, 2016 at 4:08 PM, Carsten Aulbert wrote: > brief question for a possible addendum. I believe one should at least > restart services which are currently using openssl after patching it, > right, e.g. trying to figure out by lsof -n | grep openssl. Right. I would use one of the many e

Re: [SECURITY] [DSA 3500-1] openssl security update

2016-03-02 Thread Peter Ludikovsky
Hello, Take a look at checkrestart [1] from the debian-goodies package. It tells you which processes are using deleted files, and if possible which service to restart. Regards /peter [1] http://manpages.debian.org/cgi-bin/man.cgi?query=checkrestart On 02.03.2016 at 09:08, Carsten Aulber wrote

Re: [SECURITY] [DSA 3500-1] openssl security update

2016-03-02 Thread Florent Rougon
Carsten Aulbert wrote: > Would it make sense to add that to the DSA 3500-1 page, like for > DSA-3481[1]? Probably (if not already the case---didn't check). But frankly, *every* library with a security update falls in this case AFAICT, so if you're going to do that, do it for *all* of them, I'd s

Re: [SECURITY] [DSA 3500-1] openssl security update

2016-03-02 Thread Carsten Aulbert
Hi brief question for a possible addendum. I believe one should at least restart services which are currently using openssl after patching it, right, e.g. trying to figure out by lsof -n | grep openssl. (or reboot the machine) Would it make sense to add that to the DSA 3500-1 page, like for DSA-
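The check behind both Carsten Aulbert's question (which services still use the old openssl after the upgrade) and Peter Ludikovsky's pointer to checkrestart (processes using deleted files) can be done by hand from /proc. The script below is an added example, not code from the thread and not the checkrestart or needrestart sources: a package upgrade unlinks the old library file, but a running process keeps the old inode mapped, and /proc/PID/maps then shows that mapping with a trailing "(deleted)". The function names and the sample maps content are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread, not the checkrestart/needrestart code): list processes that
# still map a shared library which has been replaced on disk, i.e. the ones that need a restart.
# Function names and SAMPLE_MAPS below are constructed for this example.

# Read /proc/PID/maps-format lines on stdin and print each distinct shared-library path that is
# mapped from a deleted file. Field 6 is the pathname; a replaced file ends in " (deleted)".
# Non-library entries such as "/dev/zero (deleted)" or "/memfd:... (deleted)" are ignored.
deleted_libs() {
    awk '$6 ~ /^\/.*\.so/ && $NF == "(deleted)" { print $6 }' | sort -u
}

# Walk every process the caller can read and print "PID COMM LIBRARY" for each deleted library
# it still has mapped. Run as root after the upgrade; every PID listed needs its service restarted
# (or the machine rebooted), because the patched code is not in its address space yet.
scan_running() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        libs=$(deleted_libs < "$maps" 2>/dev/null) || continue
        [ -n "$libs" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null)
        for lib in $libs; do
            printf '%s %s %s\n' "$pid" "$comm" "$lib"
        done
    done
}

# Constructed sample: what /proc/PID/maps of a long-running daemon looks like after libssl and
# libcrypto were upgraded underneath it. libc is mapped from the current file and must not be
# reported; the "/dev/zero (deleted)" mapping is a normal anonymous shared mapping, not a library.
SAMPLE_MAPS='55d3c2a00000-55d3c2a9b000 r-xp 00000000 08:01 262144 /usr/sbin/sshd
7f0a1b800000-7f0a1b9c0000 r-xp 00000000 08:01 131073 /lib/x86_64-linux-gnu/libc-2.19.so
7f0a1bc00000-7f0a1bdc2000 r-xp 00000000 08:01 131090 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f0a1bdc2000-7f0a1bfc2000 ---p 001c2000 08:01 131090 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f0a1c000000-7f0a1c05e000 r-xp 00000000 08:01 131091 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f0a1c400000-7f0a1c401000 rw-s 00000000 00:05 4096 /dev/zero (deleted)
7ffd3e000000-7ffd3e021000 rw-p 00000000 00:00 0 [stack]'

# Demonstration on the constructed sample: reports libcrypto and libssl once each, nothing else.
printf '%s\n' "$SAMPLE_MAPS" | deleted_libs
```

On a live system call scan_running instead; it answers the same question as `lsof -n | grep openssl` but keys on the "(deleted)" marker rather than a library name, so it also catches other upgraded libraries and does not depend on lsof being installed. It deliberately does not map a PID back to an init script or unit, which is the part checkrestart and needrestart add on top of this check.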