On Wed, 8 Apr 2020 17:39:54 +
Peter Stuge wrote:
> E.g. for auditing the installed values of these could be worth a lot.
Only as far as analyising "why was this package installed, currently
the metadata says its un-audited!".
But for things like "affected by CVE/Bug", the very nature of
Kent Fredric wrote:
> Syntax above not expected verbatim, just food for thought,
I think this is a really good and useful idea. I would love to see it.
> the nature of this metadata is that it SHOULD NOT be in the ebuild
> itself, as it is inherently "repo based", the installed values of
>
On Tue, 07 Apr 2020 14:44:04 +0100
Roy Bamford wrote:
> Gentoo must not single out any package for special treatment.
Indeed. Cases like this just demonstrate that something about the way
we do things is somehow inadequate.
The idea that "what we have works" is something we get away with,
On Tue, 7 Apr 2020 12:47:33 +0200
Thomas Deutschmann wrote:
> Sure, that could have banal reasons like "No one audited the Linux
> version yet". But in security you don't issue warnings if you aren't
> sure. Because if you make false statements people will no longer trust
> you. But trust is
On 2020.04.07 09:48, Ulrich Mueller wrote:
> > On Tue, 07 Apr 2020, Samuel Bernardo wrote:
>
> > No assurance is also a level that takes place in the lower ranking
> > level. If someone needs to use zoom because they are demanded by
> their
> > boss I think that would be even more useful to
On 2020-04-07 12:35, Alessandro Barbieri wrote:
> What about moving all of these binary-only packages in an official overlay
> (made for the scope) or in GURU?
And which problem is that going to solve?
Do we want to tell world, "Look! Gentoo is the most secure distribution!
We have zero
On 2020-04-07 10:48, Ulrich Mueller wrote:
> We could add a README.gentoo file with our caveats. It won't be perfect,
> but maybe better than nothing. (And certainly better than displaying a
> warning on every upgrade, which will eventually annoy people [1].)
I am strictly against something like
What about moving all of these binary-only packages in an official overlay
(made for the scope) or in GURU?
Il Gio 2 Apr 2020, 02:48 Rich Freeman ha scritto:
> On Wed, Apr 1, 2020 at 8:18 PM Alessandro Barbieri
> wrote:
> >
> > I have concerns about the inclusion of zoom in ::gentoo. For me
> On Tue, 07 Apr 2020, Samuel Bernardo wrote:
> No assurance is also a level that takes place in the lower ranking
> level. If someone needs to use zoom because they are demanded by their
> boss I think that would be even more useful to know that it is possible
> to install zoom in Gentoo and
On Mon, 6 Apr 2020 23:55:07 +0100
Samuel Bernardo wrote:
> This is the kind of useful information that we could collect from the
> QA, extending the greatness of the best distro ever made. The
> availability of software from a distro is better than installing it
> standalone, allowing to share
Hi Kent,
On 4/6/20 2:08 PM, Kent Fredric wrote:
> So no, nobody can actually make assurances of this software, we can
> only stipulate which cautions we know are warranted.
No assurance is also a level that takes place in the lower ranking
level. If someone needs to use zoom because they are
On Sun, 5 Apr 2020 17:11:01 +0100
Samuel Bernardo wrote:
> Sorry about my comment, but couldn't that be solved choosing the right
> profile or opting for an official overlay, raking the assurance level of
> those?
If zoom is a binary only package, not opensource, we can't make any
assurances.
On 2020-04-04 15:57, Kent Fredric wrote:
> Depends how concerned you are about VM busting exploits contaminating
> the host.
>
> ( Maybe not Zoom in particular, but with regard to the general theme of
> "risky apps on a valued system" )
Sorry about my comment, but couldn't that be solved choosing
On Thu, 2 Apr 2020 10:01:57 +0200
Michal Prívozník wrote:
> Alternatively, you can set up a VM that contains nothing but the bare
> minimum required to run app X and assign webcam to it, for instance.
> Having said that, I'd still love the packaging system to install the app
> as it resolves all
On Wed, 1 Apr 2020 17:53:39 -0700
Alec Warner wrote:
> you cannot accept arbitrary long
> passwords
Sure you can, as long as you're not storing them anywhere, and are
instead, storing their checksum of some kind.
Then the only limitations really are how much memory and time you have
to locally
Hi,
it's true that zoom is currently getting a lot of attention. It all
started with the iOS application using Facebook SDK to provide login
through Facebook and their TOS/privacy statement.
That triggered a lot of (security) researchers who are currently sitting
at home like most people in
> On Thu, 02 Apr 2020, Rich Freeman wrote:
> I guess we could stick an einfo in the post-install messages,
Not sure if that's necessary. Zoom is a proprietary, closed-source,
fetch-restricted package, so users should know that they cannot expect
the same level of quality as for free
> On Thu, 02 Apr 2020, Alessandro Barbieri wrote:
> I have concerns about the inclusion of zoom in ::gentoo. For me it's
> more like a malware.
Gentoo is about choice. If users want to use Zoom (or have to, because
their employer schedules a meeting using that platform) then it is not
our
On 2. 4. 2020 7:51, Michał Górny wrote:
> On Thu, 2020-04-02 at 10:13 +0800, William Kenworthy wrote:
>> And I would like to add that sometimes you don't have a choice - if
>> someone who is paying you says to use zoom, there is no choice
>
> You always have a choice. You can live poor and
On Thu, 2020-04-02 at 10:13 +0800, William Kenworthy wrote:
> And I would like to add that sometimes you don't have a choice - if
> someone who is paying you says to use zoom, there is no choice
You always have a choice. You can live poor and happy! ;-)
> - but I
> would rather use gentoo
And I would like to add that sometimes you don't have a choice - if
someone who is paying you says to use zoom, there is no choice - but I
would rather use gentoo than fire up the MS laptop..
What gentoo can do is mitigate the risk - which I need to look into to
see whats done in the ebuild
On Wed, Apr 1, 2020 at 5:18 PM Alessandro Barbieri
wrote:
> I have concerns about the inclusion of zoom in ::gentoo. For me it's more
> like a malware.
> From the hacker news feed you'll find out that:
>
> [1] zero day vulnerability found
>
[2] passwords are truncated to 32 bit
>
[3] previously
On Wed, Apr 1, 2020 at 8:18 PM Alessandro Barbieri
wrote:
>
> I have concerns about the inclusion of zoom in ::gentoo. For me it's more
> like a malware.
> From the hacker news feed you'll find out that:
I guess we could stick an einfo in the post-install messages, but if
you're joining a zoom
23 matches
Mail list logo
