Hi,
Maxim Kammerer wrote (06 Aug 2013 09:52:36 GMT) :
> Tails references upstream advisories, or at least did so in the past.
> https://tails.boum.org/security/Numerous_security_holes_in_0.18/
Right, and we have no plan to stop doing this. What we've been doing
for years when releasing a new Tails that fixes security issues (that
is, basically every single one we've put out) is:
1. Users are told "your version of Tails has known security issue" on
startup if needed; this one has a link to a security announce like
the one Maxim pointed to.
2. We issue a release announcement, such as
https://tails.boum.org/news/version_0.19/, that starts with "All
users must upgrade as soon as possible", but doesn't point to the
corresponding security advisory. After reading this thread,
I wonder if we should perhaps change this, and have this sentence
link to the security advisory.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
--
Liberationtech list is public and archives are searchable on Google. Too many
emails? Unsubscribe, change to digest, or change password by emailing moderator
at [email protected] or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
