Bob Proulx <[email protected]> writes:
> Asher Gordon wrote:
>> I see. It's too bad Savannah doesn't host the GnuPG git repository,
>> because then I could point out how ironic it is that Savannah hosts
>> GnuPG but still uses an old version! :-)
>
> I'll own that one. I really push for having an alive security patch
> process and using a software distribution package management system
> makes that much easier than building everything from scratch.
> [...]
I was just making a joke (perhaps not a very good one :-) ). I wasn't
trying to criticize Savannah. But of course, security *is* important.
> The terrible irony would be that a security vulnerability would get
> found, reported, known by the malicious, fixed upstream, and we might
> still be running a stale old copy that we had not realized needed to
> be updated if we are not paying attention and get compromised. On the
> other hand the daily distro package upgrade keeps things simple.
Yes, using distro packages is probably a good idea. Might I suggest
moving to Debian eventually? I know it's not FSF-endorsed, but "main"
has only free software. Debian stable ("buster" currently) has
reasonably recent software versions and is stable and secure. Of course,
it would probably be a lot of work to migrate Savannah to Debian, and it
might not be worth it. Another major downside would be that you don't
get the cool ASCII logo on login. :-)
Asher
--
<cas> well there ya go. say something stupid in irc and have it
immortalised forever in someone's .sig file
