[H-GEN] security update mailing lists?
Troy Piggins
troy at piggo.com
Thu Jul 13 04:05:01 EDT 2006
* Greg Black <gjb at gbch.net> :
> On 2006-07-13, Russell Stuart wrote:
>
> > Just a personal point of view, but I find these lists
> > useless for an end user. You see a whole pile of
> > vulnerabilities fly by. Often they are in libraries,
> > and you don't know whether some application you have
> > installed uses those libraries. And of the remainder
> > a fair chunk won't apply to you.
>
> This is indeed a major problem with these things.
>
> > So I end up just waiting for my distribution to release
> > a fixed version of the package. Notice this overcomes
> > the "vulnerability in a library" problem, because the
> > packaging system automatically updates all affected
> > programs. This of course doesn't require you to read
> > any list. It just requires you to run "aptitude update;
> > aptitude upgrade" regularly.
> >
> > You can take it further. You can write a little script
> > run nightly from cron that downloads but doesn't install
> > any updated packages and emails you the change logs.
> > You can then install or ignore them as you see fit. By
> > doing that you have created your own personalised
> > mailing list that only emails vulnerabilities that affect
> > your system.
>
> There's just one thing that makes me worry about this kind of
> advice and, since today is in fact a day when a Debian server
> was compromised, this seems like a good time to mention it: you
> need to know that the place you get your updates from has only
> got "good" updates, not compromised software. There's really no
> way for normal users to be able to be confident about that.
>
> What's the solution? Probably the only guaranteed solution is
> to ensure you only use perfectly secure computers. These are
> created by removing the power permanently.
Hehe. I won't be doing that.
Thanks for your thoughts, though.
--
Troy Piggins
,-o Ubuntu v6.06 (Dapper Drake): kernel 2.6.15-25-server,
o ) postfix 2.2.10, procmail 3.22, mutt 1.5.11i,
`-o slrn 0.9.8.1/rt (score_color patch), vim 7.0
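One way to build the nightly "download but don't install" check that Russell describes, with Greg's concern about a compromised update source addressed by leaving apt's signature verification on. This is an added example, not a script from this thread; it assumes a Debian or Ubuntu host with apt-get and a local `mail` command, and is meant to be run from root's cron as `script run`.

```shell
#!/bin/sh
# Nightly download-only update check: fetch pending upgrades into the apt
# cache, install nothing, and mail the relevant changelog entries to the admin.
# Assumes Debian/Ubuntu with apt-get and a local `mail` command (constructed
# example). apt verifies the archive's Release signature by default; never
# pass --allow-unauthenticated, which would accept packages from a compromised mirror.
set -eu

ADMIN="${ADMIN:-root}"

# Turn the dry-run output of `apt-get -s upgrade` (lines such as
# "Inst openssl [1.1.1n-0+deb11u3] (1.1.1n-0+deb11u5 Debian-Security:11/stable-security [amd64])")
# into "package installed candidate" rows. Reads stdin so it can be tested offline.
parse_pending() {
    awk '$1 == "Inst" {
        if ($3 ~ /^\[/) { old = $3; new = $4 } else { old = "-"; new = $3 }
        sub(/^\[/, "", old); sub(/\]$/, "", old); sub(/^\(/, "", new)
        print $2, old, new
    }'
}

# Print only the changelog entries newer than the installed version: copy lines
# from stdin until the header of the installed version ("pkg (version)") appears.
changelog_since() {
    awk -v stop="$1 ($2)" 'index($0, stop) == 1 { exit } { print }'
}

# Refresh the index, download (-d) without unpacking or configuring, then list
# what is pending. Nothing on the system changes until the admin upgrades by hand.
report_pending() {
    apt-get -qq update
    apt-get -qq -d -y upgrade
    apt-get -s upgrade | parse_pending
}

if [ "${1:-}" = "run" ]; then
    pending=$(report_pending)
    [ -n "$pending" ] || exit 0
    {
        echo "Downloaded but NOT installed on $(hostname):"
        echo "$pending"
        echo "$pending" | while read -r pkg old new; do
            echo; echo "=== $pkg: $old -> $new ==="
            apt-get changelog "$pkg" 2>/dev/null | changelog_since "$pkg" "$old"
        done
    } | mail -s "Pending updates on $(hostname)" "$ADMIN"
fi
```

Packages stay in /var/cache/apt/archives until a later `apt-get upgrade` installs them, so the mail is the only effect of the cron run.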