Re: F21 System Wide Change: Workstation: Disable firewall

2014-04-15 Thread Josh Bressers
ion is to fix the firewall, not disable it. If we just disable the firewall, what is our incentive to fix it? Please don't disable the firewall, it's almost certainly not the right decision, and I'm pretty sure we'll end up wishing we'd not disabled it sooner or later. Th

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Josh Bressers
hat they're doing for a second (and hopefully prevent a bug). This is of course subjective, I can't prove it's the case. And lastly, while you can't execute arbitrary code with a %n these days (in theory), you can cause a denial-of-service, which often isn't ideal either. T

Re: Enabling "-Werror=format-security" by default

2013-11-20 Thread Josh Bressers
e class of security issues (I can count the number of times we've done this on one hand). Thanks. -- Josh Bressers / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: GPG verification in SPECs

2013-10-03 Thread Josh Bressers
am interested whether there are better options available. > Hi Till, Any news on packaging this? I'm interested to see what we can do with it. Thanks. -- Josh Bressers / Red Hat Product Security Team

Re: icedtea-web installed and enabled by default in Fedora 19

2013-06-18 Thread Josh Bressers
't use this plugin, to that risk? We've made similar decisions in the past. Why do we turn on the firewall, or make Sendmail only listen on localhost? Sometimes it makes sense to make a decision that lowers potential risk for most users while being a slight inconvenience for other users. I t

Re: icedtea-web installed and enabled by default in Fedora 19

2013-06-17 Thread Josh Bressers
you need it, great, install it, but if a user doesn't need it, it's really just creating a level of risk we probably don't want. Fedora currently has a reputation for being pretty secure, I think this could damage that reputation. Thanks. -- Josh Bressers / Red Hat Product Security

Re: Do you think this is a security risk and if not is it a bad UI decision?

2013-05-06 Thread Josh Bressers
> > "Will and Mairin had some good links talking about the merits of doing > this and how hiding passwords doesn't even do all that much to help (a > determined person can always just watch your keyboard)." This argument isn't very solid. I mean someone can just break your window to get in your ho

Re: Expanding the list of "Hardened Packages"

2013-04-12 Thread Josh Bressers
On Thu, Apr 11, 2013 at 12:54 PM, Reindl Harald wrote: > > which is exactly the goal ASLR is designed for > It's designed to make certain types of attacks more difficult. It doesn't make them impossible, just much harder. Here is an example. When you write a security exploit, you generally have

Re: Expanding the list of "Hardened Packages"

2013-04-03 Thread Josh Bressers
On Wed, Apr 3, 2013 at 2:05 PM, Steve Grubb wrote: > On Wednesday, April 03, 2013 01:48:17 PM Miloslav Trmač wrote: > > On Tue, Apr 2, 2013 at 9:57 PM, Steve Grubb wrote: > > > On Saturday, March 30, 2013 08:54:30 AM Dhiru Kholia wrote: > > > > "_hardened_build" rpm spec macro can be used to har

Re: Static Analysis: results of FUDcon Lawrence hackfest

2013-01-24 Thread Josh Bressers
On Thu, Jan 24, 2013 at 10:44 AM, David Malcolm wrote: > > Anyone interested in helping with this? There's plenty of scope for > getting involved: > * building the web UI for dealing with the results (any Python web > developers out there?) [2] > * packaging more static analyzers in Fedora (e.g

Revelation password manager issue

2012-06-14 Thread Josh Bressers
Hello all, I suspect this is going to be a weird problem to figure out. Revelation password manager https://admin.fedoraproject.org/pkgdb/applications/Revelation Password Manager has been found to be unsafe. http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html I woul

Re: WebKit(s) SIG

2010-08-06 Thread Josh Bressers
On Fri, Aug 6, 2010 at 12:11 PM, Jaroslav Reznik wrote: > On Friday, August 06, 2010 04:45:39 pm Jaroslav Reznik wrote: > > If you're > interested in - please reply, > > I'd like to start Wiki page and we can talk > about more details > > etc. > > There is already WebKit page on Wiki [1] but I'