On Sun, Nov 08, 2020 at 10:49:31PM +0100, Florian Weimer wrote:
> * Moritz Mühlenhoff:
>
> > * Follow a scheme similar to Firefox ESR where in case of a security
> > the update either happens to the latest minor release of
> > the current branch or if that has stop
Catching up on this...
> > This leaves Debian with two options:
> > * Keep it out of a stable release and accept that it's good enough
> > if people just install whatever deb they currently find in testing/sid
> > (works out well enough for most given that blob nature of Go!)
>
> IMHO this
On Wed, Oct 21, 2020 at 08:22:11AM -0700, Sean Whitton wrote:
> Hello security team,
>
> The TC are being asked about src:kubernetes, and it would be good to
> hear from you about whether and how security support is a relevant
> consideration in determining whether the level of vendoring in that
Simon McVittie wrote:
> I think we have a fairly good picture of the costs that would be
> incurred from using alternatives:
Plus in the case of opentmpfiles; a pile of security issues: systemd-tmpfiles
addresses a number of complex races using low level primitives like openat() et
al. or O_PATH,
On Thu, Nov 28, 2013 at 08:07:16PM -0600, Steve Langasek wrote:
All distributions care about not having security issues in their code, but
that's not the same thing as actually doing the work to audit the code. In
practice this only happens when dedicated resources are turned on the code
in
5 matches
Mail list logo
