Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 06:28:44PM +0200, Javier Fernández-Sanguino Peña wrote: > On Mon, Sep 02, 2002 at 05:13:51PM +0200, Ola Lundqvist wrote: > > > > Now we just have to solve the upload-to-security problem, or simply > > write some other check that scans the security.d.o web pages and > > make

Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 05:13:51PM +0200, Ola Lundqvist wrote: > > Now we just have to solve the upload-to-security problem, or simply > write some other check that scans the security.d.o web pages and > make clever things of it. Maybe using tiger, maybe some other things. But > because tiger can

Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 05:01:14PM +0200, Javier Fernández-Sanguino Peña wrote: > On Mon, Sep 02, 2002 at 04:09:21PM +0200, Ola Lundqvist wrote: > > Hi > > > > > If you want a program to check for security flaws please use one designed > > > for that > > > precisely. Tiger is such a program. Just

Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 04:09:21PM +0200, Ola Lundqvist wrote: > Hi > > > If you want a program to check for security flaws please use one designed > > for that > > precisely. Tiger is such a program. Just have the *flaws package recommend: > > or > > depend: on tiger. > > On the other hand tig

Re: The harden-*flaws packages.

Hi On Mon, Sep 02, 2002 at 03:09:28PM +0200, Javier Fernández-Sanguino Peña wrote: > On Mon, Sep 02, 2002 at 08:47:53AM +0200, Ola Lundqvist wrote: > > > > Yes. Luckily I just saw someone that have written a script that checks > > the DSA:s and tell the maintainer that he/she has a vulnerable pac

Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 08:47:53AM +0200, Ola Lundqvist wrote: > > Yes. Luckily I just saw someone that have written a script that checks > the DSA:s and tell the maintainer that he/she has a vulnerable package. > That is a good solution (best?). The problem is that the DSA is > not able to disti

Re: The harden-*flaws packages.

Daniel Martin <[EMAIL PROTECTED]> writes: > Martin Schulze <[EMAIL PROTECTED]> writes: > > Hrm. The more I think about this the more I wonder if maybe the > harden-*flaws packages make much sense in stable at all. If someone > is apt-get'ing from security.debian.org, they're already replacing >

Re: The harden-*flaws packages.

Hi Thanks for the arguing. On Sun, Sep 01, 2002 at 09:22:56PM -0400, Daniel Martin wrote: > Martin Schulze <[EMAIL PROTECTED]> writes: > > > Please see the thread summarized in > > : > > > > Policy for Woody Point-Releases. [4]Several [5]developers [

Re: The harden-*flaws packages.

Martin Schulze <[EMAIL PROTECTED]> writes: > Please see the thread summarized in > : > > Policy for Woody Point-Releases. [4]Several [5]developers [6]would > [7]like to add new packages and updates to their packages to the > recently released stable di

Re: The harden-*flaws packages.

Please see the thread summarized in : Policy for Woody Point-Releases. [4]Several [5]developers [6]would [7]like to add new packages and updates to their packages to the recently released stable distribution of Debian. Adding new packages and random upd

Re: The harden-*flaws packages.

Hi On Thu, Aug 29, 2002 at 01:39:35PM +0100, Colin Watson wrote: > On Thu, Aug 29, 2002 at 02:35:13PM +0200, Ola Lundqvist wrote: > > I'm the maintainer of the harden-*flaws packages. The idea is to > > have conflicts with packages that are known to have security holes. > > This is not a big probl

Re: The harden-*flaws packages.

On Thu, Aug 29, 2002 at 02:35:13PM +0200, Ola Lundqvist wrote: > I'm the maintainer of the harden-*flaws packages. The idea is to > have conflicts with packages that are known to have security holes. > This is not a big problem for unstable (and mostly for testing) > but now woody have become stabl