Moritz Muehlenhoff wrote: > Gerfried Fuchs wrote: >> Hi again! >> >> * Jeremy T. Bouse <jbo...@debian.org> [2010-02-01 18:19:31 CET]: >>> Moritz Muehlenhoff wrote: >>>> An additional possibility might be to limit the scope of security support >>>> to local, trusted users behind an authenticated HTTP zone. We're doing that >>>> for a few applications already, e.g. sql-ledger or ocsinventory. >>>> You wouldn't expose your accounting or hardware inventory to untrusted >>>> users and the same should apply to IDS results. >>> In which case this is a non-issue to anyone who uses the default Apache >>> configuration which limits access to localhost and has since 1.2.7. > > We should make it explicit through the proper debtag, though. If you agree > as the maintainer, I'll add the respective debtag and send a short note to > t...@security.debian.org >
Sounds fine with me...
>> In this case I guess we can close this bug for lenny. Is this fine with
>> you, Moritz?
>>
>> Thanks for the quick responses!
>> Rhonda
>
> We tagged the current issues as no-dsa anyway, so that's fine.
>
> Cheers,
> Moritz
signature.asc
Description: OpenPGP digital signature
