Gerfried Fuchs wrote:
> Hi again!
>
> * Jeremy T. Bouse <jbo...@debian.org> [2010-02-01 18:19:31 CET]:
> > Moritz Muehlenhoff wrote:
> > > An additional possibility might be to limit the scope of security support
> > > to local, trusted users behind an authenticated HTTP zone. We're doing
> > > that
> > > for a few applications already, e.g. sql-ledger or ocsinventory.
> > > You wouldn't expose your accounting or hardware inventory to untrusted
> > > users and the same should apply to IDS results.
> >
> > In which case this is a non-issue to anyone who uses the default Apache
> > configuration which limits access to localhost and has since 1.2.7.
We should make it explicit through the proper debtag, though. If you agree
as the maintainer, I'll add the respective debtag and send a short note to
t...@security.debian.org
> In this case I guess we can close this bug for lenny. Is this fine with
> you, Moritz?
>
> Thanks for the quick responses!
> Rhonda
We tagged the current issues as no-dsa anyway, so that's fine.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
