On Tue, Feb 02, 2010 at 10:27:24PM -0500, Jeremy T. Bouse wrote:
> Moritz Muehlenhoff wrote:
> > Gerfried Fuchs wrote:
> >> Hi again!
> >>
> >> * Jeremy T. Bouse <jbo...@debian.org> [2010-02-01 18:19:31 CET]:
> >>> Moritz Muehlenhoff wrote:
> >>>> An additional possibility might be to limit the scope of security support
> >>>> to local, trusted users behind an authenticated HTTP zone. We're doing
> >>>> that
> >>>> for a few applications already, e.g. sql-ledger or ocsinventory.
> >>>> You wouldn't expose your accounting or hardware inventory to untrusted
> >>>> users and the same should apply to IDS results.
> >>> In which case this is a non-issue to anyone who uses the default Apache
> >>> configuration which limits access to localhost and has since 1.2.7.
> >
> > We should make it explicit through the proper debtag, though. If you agree
> > as the maintainer, I'll add the respective debtag and send a short note to
> > t...@security.debian.org
> >
>
> Sounds fine with me...
Commited to SVN.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
