09/04/14 20:24, intrigeri wrote:
> Hi,
>
> David Goulet wrote (09 Apr 2014 17:51:22 GMT) :
>> Here is my analysis of CVE-2014-2568 and CVE-2014-0131 in terms of
>> security severity for Tails.
>
> Thanks a lot!
>
> My temporary conclusion is: not worth taking the risk of introducing
> regression
Hi,
David Goulet wrote (09 Apr 2014 17:51:22 GMT) :
> Here is my analysis of CVE-2014-2568 and CVE-2014-0131 in terms of
> security severity for Tails.
Thanks a lot!
My temporary conclusion is: not worth taking the risk of introducing
regressions with a kernel update in Tails 1.0, but I'll let t
Alan wrote (04 Apr 2014 12:27:32 GMT) :
> I'd say it's worth taking the risk of regressions, at least if the two
> info leak might include cryptographic information leak.
I can have a closer look at these info leaks later today, but I'd
rather see someone more knowledgeable than me in this area do
I'd be interested in trying to get a grsec patched kernel into 1.0 or
1.1 - how do we suppose we could make this happen? I discussed this
with another Debian developer and they felt that a kernel flavor is
the way to go.
How might we ship grsec + pax to end users? What would be useful here
for me
Hi,
> anonym wrote (02 Apr 2014 14:50:51 GMT) :
> > Looking at the Debian changelog for the Linux kernel it seems only
> > these changes have CVE:s:
>
Thanks for the research.
> I've had a look (details below) and my conclusion is that... I'm
> unsure if it's worth taking the risk of introducin
anonym wrote (02 Apr 2014 14:50:51 GMT) :
> Looking at the Debian changelog for the Linux kernel it seems only these
> changes have CVE:s:
Thanks!
I've had a look (details below) and my conclusion is that... I'm
unsure if it's worth taking the risk of introducing regressions in
1.0. Other opinion
20/03/14 12:07, intrigeri wrote:
> Hi,
>
> (stealing the RM hat for a short while, by initiating this discussion.
> anonym, I'll let you take care of bringing this to a conclusion.)
>
> if we don't do anything special, then we'll release Tails 1.0 with the
> same kernel (3.12) as 0.23. Given 1.0
Hi,
(stealing the RM hat for a short while, by initiating this discussion.
anonym, I'll let you take care of bringing this to a conclusion.)
if we don't do anything special, then we'll release Tails 1.0 with the
same kernel (3.12) as 0.23. Given 1.0 will be a point-release, this
looks like the lo
