On Sun, Oct 30, 2016 at 09:25:49PM -0500, Douglas R. Reno wrote: > On Sun, Oct 30, 2016 at 9:21 PM, Ken Moffat <[email protected]> wrote: > > > > > I note you don't care about the recent Dirty COW vulnerability. But > > since it doesn't boot, that kernel version is the least of your problems. > > But when it does boot, safest to upgrade to any stable kernel > > released after 20th October - my notes say 4.7.9, 4.8.3, 4.4.26 or > > later - but for other people, some old stable kernels were also > > fixed. > > > > He probably doesn't know about it. >
He will do when he reads my reply ;-) > This is why I want *more* transparency in our fixing of security issues. > Communication is key, and with the other vulnerabilities that are > discovered daily that our users are affected by, and the impact that they > can have, it is the least that we can do is to keep them informed. > > Wasn't that what the old lfs-security mailing list was for? > It died - perhaps there was a quiet period where neither of the books had packages with problems. But yes, it is a pity that it died. But everybody *using* LFS is responsible for their own security, and I suspect many think "this is linux, I'm safe" or "I am the only human user of my system, I'm safe". Not arguing, I guess we do need to persuade our users to be more aware of vulnerabilities. Gerard used to be aware of major vulnerabilities, but I'm not sure if he is even still around. ĸen -- `I shall take my mountains', said Lu-Tze. `The climate will be good for them.' -- Small Gods -- http://lists.linuxfromscratch.org/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page Do not top post on this list. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? http://en.wikipedia.org/wiki/Posting_style
