[gentoo-security] Gentoo Security

2022-08-05 Thread Turritopsis Dohrnii Teo En Ming
Subject: Gentoo Security Good day from Singapore, May I know what are the antivirus, personal firewall and host intrusion detection system (HIDS) software that I can install in Gentoo? Thank you. Regards, Mr. Turritopsis Dohrnii Teo En Ming Targeted Individual in Singapore 5 Aug 2022 Friday

Re: [gentoo-security] Re: Confirm unsubscribe from gentoo-security@lists.gentoo.org

2019-11-26 Thread xeno
From: "Sergey Popov" To: gentoo-security@lists.gentoo.org Date: 06.11.2019 09:14 Subject: Re: [gentoo-security] Re: Confirm unsubscribe from gentoo-security@lists.gentoo.org People just cannot read messages and ke

Re: [gentoo-security] Re: Confirm unsubscribe from gentoo-security@lists.gentoo.org

2019-11-06 Thread Sergey Popov
People just cannot read messages and keep sending unsubscribe requests to the mailing list address (gentoo-security@lists.gentoo.org) instead of unsubscribe address, which is gentoo-security+unsubscr...@lists.gentoo.org Instructions for subscribing/unsubscribing - https://www.gentoo.org/get

Re: [gentoo-security] Re: Confirm unsubscribe from gentoo-security@lists.gentoo.org

2019-11-04 Thread momentics
Unsubscribe what da f**k is going on?

Re: [gentoo-security] Confirm unsubscribe from gentoo-security@lists.gentoo.org

2019-11-04 Thread jan.zim...@web.de
> On 04.11.2019 at 15:35, Christopher Meng wrote: > > > > On Mon, Nov 4, 2019, at 09:35, gentoo-security+h...@lists.gentoo.org > <mailto:gentoo-security+h...@lists.gentoo.org> wrote: >> >> >> Somebody (and we hope it was you) has requested th

[gentoo-security] Re: Confirm unsubscribe from gentoo-security@lists.gentoo.org

2019-11-04 Thread Christopher Meng
On Mon, Nov 4, 2019, at 09:35, gentoo-security+h...@lists.gentoo.org wrote: > > > Somebody (and we hope it was you) has requested that the email address > be removed from the list. > > To confirm you want to do this, please send a message to > > which can usually be

Re: [gentoo-security] Welcome to gentoo-security@lists.gentoo.org

2019-11-04 Thread Domagalski Rafał
Unsubscribe Mon, 4 Nov 2019 at 14:06 Amelia Andersdotter wrote: > you need to send the messages to > gentoo-security+unsubscr...@lists.gentoo.org > <mailto:unsubscr...@lists.gentoo.org> > > > On 2019-11-04 09:45, sergiotocal...@gmail.com wrote: > > Unsubscri

Re: [gentoo-security] Welcome to gentoo-security@lists.gentoo.org

2019-11-04 Thread Amelia Andersdotter
you need to send the messages to gentoo-security+unsubscr...@lists.gentoo.org <mailto:unsubscr...@lists.gentoo.org> On 2019-11-04 09:45, sergiotocal...@gmail.com wrote: > Unsubscribe > >> On 4. Nov 2019, at 08:51, Leo Jackson > <mailto:la...@yahoo.com>> wrote: &

Re: [gentoo-security] Welcome to gentoo-security@lists.gentoo.org

2019-11-04 Thread sergiotocal...@gmail.com
> <mailto:m...@gentoo.org>> wrote: > > > > In the message of Sunday, 3 November 2019 23:02:04 +07, user gentoo- > > security+h...@lists.gentoo.org <mailto:h...@lists.gentoo.org> wrote: > >> Thank you for confirming your subscription. You have n

Re: [gentoo-security] Re: Welcome to gentoo-security@lists.gentoo.org

2019-11-03 Thread Leo Jackson
Unsubscribe Regards, Leo Jackson On Sunday, November 3, 2019, 01:50:27 PM EST, Phaby Liu wrote: Unsubscribe > On 3 Nov 2019, at 11:04 AM, Vadim A. Misbakh-Soloviov wrote: > > In the message of Sunday, 3 November 2019 23:02:04 +07, user gentoo- > security+h...@list

Re: [gentoo-security] Sorry for irrelevant messages

2019-11-03 Thread Agustin Campos
The case is that to be subscribed in these lists it should be sent an email to the list address from the account you want the subscription. Even more, but I don't remember it very well, I think it should be confirmed too. So, in that case, the data comes from the owner of the address in the time th

Re: [gentoo-security] Sorry for irrelevant messages

2019-11-03 Thread Paul B. Henson
On Sun, Nov 03, 2019 at 07:39:09PM +0100, Elio Cartier wrote: > As article 3 provides, the whole GDPR law applies to you because I am an EU > citizen, even if your company is based outside of the EU. > http://www.privacy-regulation.eu/en/3.htm "2. This Regulation applies to the processing of pers

Re: [gentoo-security] Re: Welcome to gentoo-security@lists.gentoo.org

2019-11-03 Thread Phaby Liu
Unsubscribe > On 3 Nov 2019, at 11:04 AM, Vadim A. Misbakh-Soloviov wrote: > > In the message of Sunday, 3 November 2019 23:02:04 +07, user gentoo- > security+h...@lists.gentoo.org wrote: >> Thank you for confirming your subscription. You have now been added to the >&g

Re: [gentoo-security] Sorry for irrelevant messages

2019-11-03 Thread Elio Cartier
Hi, My personal data, including my email address, are protected under data protection law. The Data protection Regulation (GDPR) applies to the processing of my email address and any other information related to me. http://www.privacy-regulation.eu/en/ As article 3 provides, the whole GDPR law app

[gentoo-security] Sorry for irrelevant messages

2019-11-03 Thread Vadim A. Misbakh-Soloviov
Hi there! I'm sorry for spamming a few lists with irrelevant messages a few minutes ago. I just re-subscribed to all the lists with @gentoo.org address (instead of personal), and then confirming all the subscriptions with "next+reply+send" shortcuts, and didn't stop at the correct time, so I also

[gentoo-security] Re: Welcome to gentoo-security@lists.gentoo.org

2019-11-03 Thread Vadim A. Misbakh-Soloviov
In the message of Sunday, 3 November 2019 23:02:04 +07, user gentoo- security+h...@lists.gentoo.org wrote: > Thank you for confirming your subscription. You have now been added to the > normal version of the list. > > The email address you are subscribed with is . > >

[gentoo-security] remove

2019-01-24 Thread Butterworth, John W.
remove

[gentoo-security] Re: Subject: Digest of gentoo-security@lists.gentoo.org issue 141 (1087-1088)

2019-01-24 Thread Bryan Andrews
remove On Wed, Jan 23, 2019 at 5:02 PM wrote: > Topics (messages 1087 through 1088): > > [gentoo-security] Re: Confirm unsubscribe from > gentoo-security@lists.gentoo.org > 1087 - > > [gentoo-security] Re: Confirm unsubscribe from > gentoo-security@lists

Re: [gentoo-security] Re: Confirm unsubscribe from gentoo-security@lists.gentoo.org

2019-01-22 Thread Michael Boyle
Yes, please proceed with the order. On Jan 22, 2019 at 07:28, > wrote: Confirm unsubscribe On Mon, 14 Jan 2019, at 22:38, gentoo-security+h...@lists.gentoo.org wrote: > > > Somebody (and we hope it was you) has requested that the email address > be removed from the

Re: [gentoo-security] Re: Confirm unsubscribe from gentoo-security@lists.gentoo.org

2019-01-22 Thread xeno
  Confirm unsubscribe On Mon, 14 Jan 2019, at 22:38, gentoo-security+h...@lists.gentoo.org wrote: > > > Somebody (and we hope it was you) has requested that the email address > be removed from the list. > > To confirm you want to do this, please send a message t

Re: [gentoo-security] Re: Confirm unsubscribe from gentoo-security@lists.gentoo.org

2019-01-14 Thread Octavian Florea
On Mon, Jan 14, 2019 at 2:11 PM Andrew Jeffery wrote: > > > On Mon, 14 Jan 2019, at 22:38, gentoo-security+h...@lists.gentoo.org > wrote: > > > > > > Somebody (and we hope it was you) has requested that the email address > > be removed from the list. &g

[gentoo-security] Re: Confirm unsubscribe from gentoo-security@lists.gentoo.org

2019-01-14 Thread Andrew Jeffery
On Mon, 14 Jan 2019, at 22:38, gentoo-security+h...@lists.gentoo.org wrote: > > > Somebody (and we hope it was you) has requested that the email address > be removed from the list. > > To confirm you want to do this, please send a message to > > which can usually be

Re: [gentoo-security] Is it secure? Is it safe?

2017-04-09 Thread Jonathan Aquilina
spam, there isn't much security on Gentoo Security >> anymore. > > Lots of the security stuff happens privately and on IRC. :)

Re: [gentoo-security] Is it secure? Is it safe?

2017-04-09 Thread Kent Fredric
On 10 April 2017 at 02:27, Brent Busby wrote: > Judging from all the spam, there isn't much security on Gentoo Security > anymore. Lots of the security stuff happens privately and on IRC. :) -- Kent KENTNL - https://metacpan.org/author/KENTNL

[gentoo-security] Is it secure? Is it safe?

2017-04-09 Thread Brent Busby
Judging from all the spam, there isn't much security on Gentoo Security anymore. -- - Brent Busby + === + With the rise of social networking -- Studio -- + sites, computers are making people -- Am

Aw: [gentoo-security] pizza time

2017-03-25 Thread Christopher Sawinski
  nice try  

[gentoo-security] Re: they inspired me so much

2017-03-14 Thread ess
Hey, Just take a look at that amazing stuff some people can do! They inspired me so much! Amazing! Here is the link http://dream.exitbound.com/dcdd Looking forward, ess

[gentoo-security] Re: Minor GLSA XML updates

2017-01-13 Thread Kristian Fiskerstrand
On 01/13/2017 03:51 PM, Alex Legler wrote: > In order to better adhere to our published DTD [1] and provide heavily > requested features, we've been making a few minor changes to the > generated XML format: Thanks! -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.

[gentoo-security] Minor GLSA XML updates

2017-01-13 Thread Alex Legler
In order to better adhere to our published DTD [1] and provide heavily requested features, we've been making a few minor changes to the generated XML format: 1) Slots can be added to package versions Since we have discovered that our reference "GLSA client" implementation glsa-check does already s

Re: [gentoo-security] Fw: important message

2015-12-15 Thread Daniel
Nice try. On 11/20/2015 04:23 PM, richard scott wrote: Hello! *New message, please read* http://e-targi.org/hear.php richard scott

[gentoo-security] (no subject)

2015-09-20 Thread Gerke M. Preussner

Re: [gentoo-security] selinux + systemd

2015-06-20 Thread Simon Maurer
Sorry, wrong mailing list. On 06/20/2015 07:49 PM, Simon Maurer wrote: > Hi, > I tried to use selinux with systemd, but without much success. Looks > like the whole transitioning is broken. (Most daemons are stuck in the > init_t domain) What I don't understand is, while more and more distros > sw

[gentoo-security] selinux + systemd

2015-06-20 Thread Simon Maurer
Hi, I tried to use selinux with systemd, but without much success. Looks like the whole transitioning is broken. (Most daemons are stuck in the init_t domain) What I don't understand is, while more and more distros switching to systemd, it seems like there is still no working selinux policy with sys

[gentoo-security] Automatic reply

2014-07-14 Thread eduardo lenz
This account is not active. Please send e-mails to l...@joinville.udesc.br.

[gentoo-security] Ruxcon 2014 Final Call For Presentations

2014-07-14 Thread cfp
Ruxcon 2014 Call For Presentations Melbourne, Australia, October 11th-12th CQ Function Centre http://www.ruxcon.org.au The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014. This year the conference will take place over the weekend of the 11th and 12th of Octo

Re: [gentoo-security] Breakpoint 2014 Call For Presentations

2014-05-06 Thread Alex Xu
This format is extremely spammy and looks like it was mass-posted to hundreds of mailing lists. No information is given as to why Gentooers might go to whatever this is.

[gentoo-security] Breakpoint 2014 Call For Presentations

2014-05-06 Thread cfp
Breakpoint 2014 Call For Papers Melbourne, Australia, October 8th-9th Intercontinental Rialto http://www.ruxconbreakpoint.com .[x]. Introduction .[x]. The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2014. Breakpoint showcases the work of expert security researchers from

Re: [gentoo-security] Regeneration of gpg keys after HeartBleed

2014-04-15 Thread Rich Freeman
On Mon, Apr 14, 2014 at 5:54 PM, Alex Legler wrote: > On 09.04.2014 18:39, Jo wrote: >> Hi all, this is my first post in this list, so again Hi all! >> >> I'm a bit concerned about the signing keys of the portage tree releases, >> I know that gpg is not the same as openssl but keeping in mind that

Re: [gentoo-security] Regeneration of gpg keys after HeartBleed

2014-04-14 Thread Alex Legler
compromised for two years, don't you think it's > a healthy measure to generate a new pair of keys? GPG private keys are kept and used nowhere near any server processes, not transferred via HTTPS or any VPNs, and SSH is not affected. I don't see an immediate need to rotate them.

Re: [gentoo-security] Regeneration of gpg keys after HeartBleed

2014-04-10 Thread Matthias Niethammer
Hi Chris & List, f.y.i.: the post you linked got retracted by the author because as he states misread the code interpreted it in a wrong way. Best regards, Matthias Niethammer 2014-04-09 21:21 GMT+02:00 Chris Frederick : > On 04/09/14 12:01, Luis Ressel wrote: > >> On Wed, 09 Apr 2014 18:39:

Re: [gentoo-security] Regeneration of gpg keys after HeartBleed

2014-04-09 Thread Chris Frederick
On 04/09/14 12:01, Luis Ressel wrote: On Wed, 09 Apr 2014 18:39:41 +0200 Jo wrote: I'm a bit concerned about the signing keys of the portage tree releases, I know that gpg is not the same as openssl but keeping in mind that SSH, VPN, HTTPS keys might be compromised for two years, don't you thi

Re: [gentoo-security] Regeneration of gpg keys after HeartBleed

2014-04-09 Thread Luis Ressel
On Wed, 09 Apr 2014 18:39:41 +0200 Jo wrote: > I'm a bit concerned about the signing keys of the portage tree > releases, I know that gpg is not the same as openssl but keeping in > mind that SSH, VPN, HTTPS keys might be compromised for two years, > don't you think it's a healthy measure to gene

[gentoo-security] Regeneration of gpg keys after HeartBleed

2014-04-09 Thread Jo
Hi all, this is my first post in this list, so again Hi all! I'm a bit concerned about the signing keys of the portage tree releases, I know that gpg is not the same as openssl but keeping in mind that SSH, VPN, HTTPS keys might be compromised for two years, don't you think it's a healthy measure

Re: [gentoo-security] glksa-check Proof of Concept

2014-01-18 Thread Chris Reffett
On 01/17/2014 11:25 PM, Samuel Damashek wrote: > At the request of creffett, I created a Proof of Concept for > glksa-check, which allows for glksa XML files to define Kernel > security vulnerabilities. Please realize that this is a Proof of > Conce

[gentoo-security] glksa-check Proof of Concept

2014-01-17 Thread Samuel Damashek
At the request of creffett, I created a Proof of Concept for glksa-check, which allows for glksa XML files to define Kernel security vulnerabilities. Please realize that this is a Proof of Concept, and that the interface is not the most user-friendly.

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-15 Thread Sergey Popov
10.01.2014 19:02, Sascha Wolf wrote: > Hi, > > I find the new version of GLSA format very interesting, especially > with the backdrop of the automated evaluation of vulnerabilities. > > Would it be possible to specify in which branch of Gentoo, this > program is usually installed? For

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-10 Thread Ivan
What's wrong man? Original message From: Tobias Heinlein Date: 10/01/2014 16:44 (GMT+01:00) To: gentoo-security@lists.gentoo.org Subject: Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-10 Thread Tobias Heinlein
On 1/10/2014 4:02 PM, Sascha Wolf wrote: So you can better see if you are actively involved or not. What do you mean by "involved"? Who is involved in what? In case you mean glsa-check, it checks every version installed on your system. That won't be different to the behaviour it already has.

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-10 Thread Alex Xu
On 10/01/14 10:02 AM, Sascha Wolf wrote: > Hi, > > I find the new version of GLSA format very interesting, especially > with the backdrop of the automated evaluation of vulnerabilities. > > Would it be possible to specify in which branch of Gentoo, this > program is usually installed?

[gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-10 Thread Sascha Wolf
Hi, I find the new version of GLSA format very interesting, especially with the backdrop of the automated evaluation of vulnerabilities. Would it be possible to specify in which branch of Gentoo, this program is usually installed? For example, "stable" or "unstable"? So you can better

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-10 Thread Kristian Fiskerstrand
On 01/10/2014 02:35 AM, Tobias Heinlein wrote: > On 10.01.2014 00:37, Yury German wrote: >> is this what the users will see as generated from XML? > > That was just a short example explaining the semantics of the new > syntax. > > We haven't discus

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-09 Thread Yury German
That is the part that would be the most important, as the XML makes sense to me. The translation from XML to GLSA would be the most important part so that it is clear to the general populace. Whenever I write things for work I am always using the rule of writing to the least common denominator,

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-09 Thread Tobias Heinlein
On 10.01.2014 00:37, Yury German wrote: is this what the users will see as generated from XML? That was just a short example explaining the semantics of the new syntax. We haven't discussed yet how it'll show up in the text advisory, probably something like "Slot 3.2: <3.2.1 >3.4.2".

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-09 Thread Yury German
Alex, is this what the users will see as generated from XML? Yury German E-Mail: bluekni...@technologysecure.com PGP/GPG ID: 19EC14B3 On Jan 7, 2014, at 8:14 PM, Alex Legler wrote: > Reads as follows: > On hppa, there is no fixed version. > On all other arches, python in slot 3.2 is fixed

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-09 Thread Chris Reffett
On 01/09/2014 10:42 AM, Alex Legler wrote: > On 09.01.2014 01:08, Chris Reffett wrote: >> On 01/07/2014 08:42 PM, Tobias Heinlein wrote: >>> On 08.01.2014 02:40, Tobias Heinlein wrote: Our new approach works more like a whitelist; >> >>> "more li

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-09 Thread Alex Legler
would like the workaround field to remain (but perhaps be > optional) since I have seen a few vulns that actually did have > functional workarounds. Not absolutely necessary. > Does it need to have its own field, can't it be part of the (temporary) resolution? > Chris R

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-09 Thread Alex Legler
Forwarding from a private reply. >> Now that we've been growing a bit in numbers and have managed to get the >> GLSA circulation back on track, it is time to finally talk about the new >> GLSA format that has been planned for quite a while. > > Yay, very exciting! > >> - Packages section reworke

Re: [gentoo-security] Kernel Vulnerability Handling and Classification Criteria

2014-01-08 Thread Andrew Hamilton
e should set up a clear >> system, much like we have right now for packages in Portage, to >> facilitate the filing and management of these bugs. > > > I agree that a way to handle kernel issues should be part of the > Gentoo security process. Although following the LKML an

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-08 Thread Chris Reffett
On 01/07/2014 08:42 PM, Tobias Heinlein wrote: > On 08.01.2014 02:40, Tobias Heinlein wrote: >> Our new approach works more like a whitelist; > > "more like a blacklist", that is. > > I kind of would like the workaround field to remain (but perhaps

Re: [gentoo-security] Kernel Vulnerability Handling and Classification Criteria

2014-01-08 Thread Agostino Sarubbo
On Tuesday 07 January 2014 21:04:28 Samuel Damashek wrote: > At the moment, we don't have an accepted and documented way to handle > Kernel CVEs. Right now, they're just being filed and then maybe being > resolved when upstream commits a patch. > > I believe we need some way of judging priority an

Re: [gentoo-security] Kernel Vulnerability Handling and Classification Criteria

2014-01-08 Thread Kristian Fiskerstrand
stem, much like we have right now for packages in Portage, to > facilitate the filing and management of these bugs. > I agree that a way to handle kernel issues should be part of the Gentoo security process. Although following the LKML and relevant mailing lists, as well as the commits is pr

Re: [gentoo-security] Kernel Vulnerability Handling and Classification Criteria

2014-01-07 Thread Samuel Damashek
Max, > Hello Samuel, are security vulnerabilities not classified by > cve.mitre.org in a way that can be simply and consistently > leveraged? I wouldn't expect gentoo to implement kernel patches > before the Linux kernel maintainers blessed the patch,

[gentoo-security] Kernel Vulnerability Handling and Classification Criteria

2014-01-07 Thread Samuel Damashek
At the moment, we don't have an accepted and documented way to handle Kernel CVEs. Right now, they're just being filed and then maybe being resolved when upstream commits a patch. I believe we need some way of judging priority and severity of kernel v

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-07 Thread Tobias Heinlein
On 08.01.2014 02:40, Tobias Heinlein wrote: Our new approach works more like a whitelist; "more like a blacklist", that is.

Re: [gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-07 Thread Tobias Heinlein
On 08.01.2014 02:14, Alex Legler wrote: Reads as follows: On hppa, there is no fixed version. On all other arches, python in slot 3.2 is fixed in >=3.2.9, affected for anything less, in the 3.3 slot, [3.3.0; 3.3.1[ and [3.3.3; 3.3.5[ are affected, for the 0 slot, anything <6.3 is affected. I fe

[gentoo-security] Soliciting feedback for the GLSA-2 format

2014-01-07 Thread Alex Legler
li.li/~alex/gentoo/security/glsa-2-example.xml Quick outline of the most important changes: - Synopsis removed: The title provides a quick overview of the issues, while the new shorter description provides details, yet briefly as well. People requiring even more information can use the linked CVE en

[gentoo-security] Ruxcon 2013 Final Call For Papers

2013-07-14 Thread cfp
Ruxcon 2013 Final Call For Papers Melbourne, Australia, October 26th-27th CQ Function Centre http://www.ruxcon.org.au/call-for-papers/ The Ruxcon team is pleased to announce the final call for papers for Ruxcon. This year the conference will take place over the weekend of the 26th and 27th of O

[gentoo-security] Ruxcon 2013 Call For Papers

2013-05-06 Thread cfp
Ruxcon 2013 Call For Presentations Melbourne, Australia, October 26th-27th CQ Function Centre http://www.ruxcon.org.au/call-for-papers/ The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013. This year the conference will take place over the weekend of the 26th and 27

[gentoo-security] Breakpoint 2013 Call For Papers

2013-04-30 Thread cfp
Breakpoint 2013 Call For Papers Melbourne, Australia, October 24th-25th Intercontinental Rialto http://www.ruxconbreakpoint.com .[x]. Introduction .[x]. The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013. Breakpoint showcases the work of expert security researchers fro

Re: [gentoo-security] CVE-2012-3547 vulnerability in net-dialup/freeradius

2012-09-11 Thread Agostino Sarubbo
On Tuesday 11 September 2012 16:56:09 Štefan Sakalík wrote: > Hi, > we are affected by this vulnerability so I have created a patch for > freeradius-2.1.11-r1 (in attachment) inspired by upstream patch in git > at git://git.freeradius.org/freeradius-server.git , commit 684dce7da5fd078. > Please rev

[gentoo-security] Breakpoint 2012 Call For Papers

2012-05-10 Thread cfp
Breakpoint 2012, Intercontinental Rialto, Melbourne, Australia, October 17th-18th

[gentoo-security] Ruxcon 2012 Call For Papers

2012-04-18 Thread cfp
Ruxcon 2012 Call For Papers The Ruxcon team is pleased to announce the call for papers for the 2012 annual Ruxcon conference. This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre, Melbourne, Australia. The deadline for submissions is t

[gentoo-security]

2011-12-09 Thread qubin

Re: [gentoo-security] CVE-2011-4313 - BIND 9 Resolver crashes after logging an error in query.c

2011-11-17 Thread Matt Thode
On Nov 17, 2011, at 1:30 AM, David Sommerseth wrote: > > Hi, > > This is a very fresh CVE, and I wondered if this has caught your attention? > When would it be reasonable to expect an update for this issue? ISC have > already released patches fixing this issue. > > https://www.isc.org/softwar

[gentoo-security] CVE-2011-4313 - BIND 9 Resolver crashes after logging an error in query.c

2011-11-17 Thread David Sommerseth
Hi, This is a very fresh CVE, and I wondered if this has caught your attention? When would it be reasonable to expect an update for this issue? ISC have already released patches fixing this issue. https://www.isc.org/software/bind/advisories/cve-2011-4313 kind regards, David Sommerseth

Re: [gentoo-security] No GLSA since January?!?

2011-08-27 Thread Tobias Heinlein
Rich Freeman wrote, on 08/27/2011 03:06 PM: > However, that isn't really what we're discussing here. What we're > talking about is GLSAs vs no GLSAs. Working automated GLSAs > apparently don't exist right now. It is wonderful that a bunch of > people are looking to change that, however it doesn'

Re: [gentoo-security] No GLSA since January?!?

2011-08-27 Thread Rich Freeman
On Sat, Aug 27, 2011 at 8:34 AM, Tobias Heinlein wrote: > I have read that idea multiple times now, each of them by people not on > the security team or something similar. It just doesn't work that way. > It's like suggesting to ditch Bugzilla and instead enter bugs manually > with SQL commands in

Re: [gentoo-security] No GLSA since January?!?

2011-08-27 Thread Tobias Heinlein
Rich Freeman wrote, on 08/27/2011 02:13 PM: > Note that I'm basically advocating ditching the tool. A tool is good > when it improves productivity. However, right now it appears that the > tool is keeping people from contributing who want to contribute. > Certainly things couldn't get worse witho

Re: [gentoo-security] No GLSA since January?!?

2011-08-27 Thread Rich Freeman
On Sat, Aug 27, 2011 at 4:49 AM, Christian Kauhaus wrote: > So in consequence I would appreciate to have both mechanisms: a timely > up-front notification via GLSAs (probably more brief than the past ones) and > some sort of security masking. The current GLSA mechanism already provides both of th

Re: [gentoo-security] No GLSA since January?!?

2011-08-27 Thread Christian Kauhaus
On 26.08.2011 20:08, Kevin Bryan wrote: SECURITY_FIXES="http://..."; SECURITY_BUG="343089" SECURITY_IMPACT="remote" Your idea sounds interesting and could lead to very cool technology like the 'ACCEPT_RISKS="..."' variable mentioned elsewhere in this thread. But it does not solve a major p

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Daniel A. Avelino
thout fixes so you get >> warnings for things that remain vulnerable, and updates for things that >> are fixed. >> >> Thoughts? > > I see this as an addition to sending advisories after fixing an issue, not > as > a solution to the issue at hand. > > -- > Alex Legler > Gentoo Security / Ruby

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Alex Legler
ngs that remain vulnerable, and updates for things that > are fixed. > > Thoughts? I see this as an addition to sending advisories after fixing an issue, not as a solution to the issue at hand. -- Alex Legler Gentoo Security / Ruby

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Daniel A. Avelino
;> the needed or wanted data scheme. Such a thing is much better to control >> in a >> smaller and better connected group of people. >> >> Also, cleanup and large amounts of issues in packages are issues. Browsers >> >> usually get hundreds of CVEs as

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Kevin Bryan
nected group of people. > > Also, cleanup and large amounts of issues in packages are issues. Browsers > usually get hundreds of CVEs assigned in a year, that would be all in the > Ebuild, and for how long? > > Personally, I'm not convinced this is a model that woul

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Joost Roeleveld
On Friday, August 26, 2011 08:07:57 PM Alex Legler wrote: > On Friday 26 August 2011 20:00:15 Joost Roeleveld wrote: > > On Friday, August 26, 2011 07:06:35 PM Christian Kauhaus wrote: > > > On 26.08.2011 18:55, Alex Legler wrote: > > > > Compared to other distributions, our advisories have been

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Daniel A. Avelino
e the correction time. > > > > We already use CVE as one of our sources of vulnerability intelligence. > Finding issues is also not the real issue here. > Also, actual issue correction is not our job, it's the responsibility of > the > package maintainer. > > Can you share details about the utilities you are using? > > Alex > > -- > Alex Legler > Gentoo Security / Ruby

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Alex Legler
, actual issue correction is not our job, it's the responsibility of the package maintainer. Can you share details about the utilities you are using? Alex -- Alex Legler Gentoo Security / Ruby

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Daniel A. Avelino
Hi Kevin. That is an interesting idea. So one could check about vulnerabilities solutions _before_ package installation. And better. This could give us a measure about how secure [think a little bit ahead] packages in portage tree are. Actually, there are some mechanisms to know what is the mean ti

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Alex Legler
amounts of issues in packages are issues. Browsers usually get hundreds of CVEs assigned in a year, that would be all in the Ebuild, and for how long? Personally, I'm not convinced this is a model that would be an improvement over the current situation. Alex -- Alex Legler Gentoo Security / Ruby

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Daniel A. Avelino
On Fri, Aug 26, 2011 at 2:57 PM, Alex Legler wrote: > On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote: > > Alex. > > > > May be a call for volunteers more "intense" could improve the manpower. > This > > could be a more > > easy start point to address, no?. > > Well, the staffing needs

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Kevin Bryan
Although I like having the summary information about what the vulnerability is, if I'm only reading them for packages I have installed, then a reference of some kind would suffice. I'd be fine even if it was just a new variable in the .ebuild file tha

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Alex Legler
ications until we can provide full advisories again. I realize it's not a solution and you will get the information somewhat unfiltered, but it is a reliable and most importantly currently available source of information. Alex -- Alex Legler Gentoo Security / Ruby

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Alex Legler
ing earlier and using the information we've already entered into our bugzilla and CVE tracker in a much more integrated way. It's a bit hard to explain, you'd best see for yourself (by joining us of course! ;)). Alex [1] http://www.gentoo.org/proj/en/security/ -- Alex Legler Gentoo Security / Ruby

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Daniel A. Avelino
Alex. May be a call for volunteers more "intense" could improve the manpower. This could be a more easy start point to address, no?. I work too in some [smaller] security processes and can figure out what kind of work are you talking about. As Kauhaus pointed, may be somethings should be automate

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Christian Kauhaus
On 26.08.2011 18:55, Alex Legler wrote: Compared to other distributions, our advisories have been rather detailed with lots of manually researched information. I'm not sure if we can keep up this very high standard with the limited manpower, but we'll try our best. I see the point. I think it

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Alex Legler
, with low-to-medium success (yielding 1 new team member). Most people interested didn't think the job came with that much boring work. (No, we're not hacking stuff all day) > So what is the roadblock that hinders GLSA creation? Is there any way to get > the GLSAs into worki

Re: [gentoo-security] No GLSA since January?!?

2011-08-26 Thread Christoph Jasinski
Dear Christian Everything is secure. No reason to write GLSAs or to panic. ;) Chris On 26.08.2011 at 18:12, Christian Kauhaus wrote: > Hi, > > I'm wondering that my favorite Linux distro hasn't had any security > announcements since January. In my opinion this is really problematic. At our

[gentoo-security] No GLSA since January?!?

2011-08-26 Thread Christian Kauhaus
Hi, I'm wondering that my favorite Linux distro hasn't had any security announcements since January. In my opinion this is really problematic. At our company we try to convince prospective customers to host their applications on our Gentoo servers. When asked about security incident handling,

[gentoo-security] Ruxcon 2011 Final Call For Papers

2011-08-15 Thread cfp
Ruxcon 2011 Final Call For Papers The Ruxcon team is pleased to announce the final call for papers for the seventh annual Ruxcon conference. This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia. The deadline for

Re: [gentoo-security] Invitation to connect on LinkedIn

2011-08-11 Thread Wojciech Ziniewicz
Shit happens - sorry to all of you guys. Linkedin did do it somehow and I didn't notice. Too much coffee and not enough sleep. Sorry ;) Regards On 11-08-2011 05:33, user "Vito Sansevero" wrote: > Benefit of doubt linkedin crawls your contact list and sends out invites to > all? > On Aug 10, 20
