Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

2008-01-11 Thread Noah Meyerhans
On Fri, Jan 11, 2008 at 01:24:28AM -0500, Thomas Bushnell BSG wrote:
 If a security bug were found in the afs client-side package, which is
 implemented as a kernel module, would the announcement not look just
 like the one we saw for DSA 1458-1?

See for yourself:
http://www.debian.org/security/2007/dsa-1271

noah





Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

2008-01-11 Thread Joey Hess
Noah Meyerhans wrote:
 We mention all the binary packages in the advisory because they're the
 versions that are going to be installed by apt* and people are going
 to want checksums, file sizes, etc.

.. For no good reason, since apt checks all those things for you.

That information is a confusing relic, and could be removed from the
advisory templates.

-- 
see shy jo




Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

2008-01-11 Thread James Shupe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I don't think there is anything wrong with the templates... Just because
it doesn't suit you specifically doesn't mean it doesn't help out somebody
else. It's always better to have too much information than too little.

On Fri, January 11, 2008 1:07 pm, Noah Meyerhans wrote:
 On Fri, Jan 11, 2008 at 12:53:08PM -0500, Joey Hess wrote:
 Noah Meyerhans wrote:
  We mention all the binary packages in the advisory because they're the
  versions that are going to be installed by apt* and people are going
  to want checksums, file sizes, etc.

 .. For no good reason, since apt checks all those things for you.

 That information is a confusing relic, and could be removed from the
 advisory templates.

 I agree, but there's no consensus within the security team about this.
 The argument is that not all sites can or choose to use apt to install
 updated packages, and that we should make it reasonably convenient for
 these sites to verify package integrity via other means.

 noah




- -- 
James Shupe
HermeTek Network Solutions
http://www.hermetek.com
1.866.325.6207

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iEYEARECAAYFAkeHs28ACgkQVwQZh6k43zofpgCcDe0YWVB9crD6lSnTQuag0HRN
0acAn2Eu2ErYpXkp/CCnxGQG6KbEWhJG
=PWa/
-END PGP SIGNATURE-





Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

2008-01-11 Thread Noah Meyerhans
On Fri, Jan 11, 2008 at 12:53:08PM -0500, Joey Hess wrote:
 Noah Meyerhans wrote:
  We mention all the binary packages in the advisory because they're the
  versions that are going to be installed by apt* and people are going
  to want checksums, file sizes, etc.
 
 .. For no good reason, since apt checks all those things for you.
 
 That information is a confusing relic, and could be removed from the
 advisory templates.

I agree, but there's no consensus within the security team about this.
The argument is that not all sites can or choose to use apt to install
updated packages, and that we should make it reasonably convenient for
these sites to verify package integrity via other means.

noah



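The "other means" Noah refers to are the size and checksum lines printed for each binary package in the advisory, which a site that fetches a .deb by hand (no apt, no Release-file signature check) can compare against the file it actually received. The script below is an added example, not part of this thread or of the Debian security team's tooling: it checks a downloaded file against an expected size and digest, where the digest algorithm is whatever the advisory publishes (MD5 in advisories of this era; SHA-256 is the default here only as a safer choice). The package file name, its contents and the digests used in the demo are constructed for the example; a real check would paste the values from the advisory text.

```shell
#!/bin/sh
# Verify a manually downloaded .deb against the size and checksum printed
# in an advisory, for hosts that do not install updates via apt.
# Added example; file names, contents and digests below are constructed.

set -eu

# verify_deb FILE EXPECTED_SIZE EXPECTED_DIGEST [ALGO]
# ALGO is md5, sha1 or sha256 (default sha256), matching what the advisory lists.
# Returns 0 when both the byte count and the digest match, 1 on any mismatch,
# 2 for an unsupported algorithm. Checking size first is cheap and catches a
# truncated download before any hashing is done.
verify_deb() {
    file=$1
    expected_size=$2
    # Advisories are hand-copied; normalise hex case before comparing.
    expected_digest=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    algo=${4:-sha256}

    actual_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$actual_size" != "$expected_size" ]; then
        echo "SIZE MISMATCH: $file is $actual_size bytes, advisory says $expected_size" >&2
        return 1
    fi

    case "$algo" in
        md5)    actual_digest=$(md5sum "$file" | cut -d' ' -f1) ;;
        sha1)   actual_digest=$(sha1sum "$file" | cut -d' ' -f1) ;;
        sha256) actual_digest=$(sha256sum "$file" | cut -d' ' -f1) ;;
        *)      echo "unsupported digest algorithm: $algo" >&2; return 2 ;;
    esac

    if [ "$actual_digest" != "$expected_digest" ]; then
        echo "DIGEST MISMATCH: $file ($algo) got $actual_digest, advisory says $expected_digest" >&2
        return 1
    fi

    echo "OK: $file ($expected_size bytes, $algo $expected_digest)"
    return 0
}

# Demo with a constructed stand-in for a downloaded package (contents "hello\n",
# 6 bytes, SHA-1 f572d396fae9206628714fb2ce00f72e94f2258f). Not a real .deb.
demo_dir=$(mktemp -d)
printf 'hello\n' > "$demo_dir/openafs-client_constructed.deb"

verify_deb "$demo_dir/openafs-client_constructed.deb" 6 \
    f572d396fae9206628714fb2ce00f72e94f2258f sha1

# A tampered or corrupted file must be rejected even when the size still matches.
if verify_deb "$demo_dir/openafs-client_constructed.deb" 6 \
    0000000000000000000000000000000000000000 sha1; then
    echo "unexpected: wrong digest was accepted" >&2
    exit 1
fi

rm -rf "$demo_dir"
```

A matching checksum only shows the file is the one the advisory describes; it does not by itself prove the advisory is genuine, so the advisory mail's own PGP signature still has to be verified against the security team's key before its checksums are trusted.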