Hi, Jacob Appelbaum wrote (06 Aug 2013 13:51:08 GMT) : > intrigeri: >> Hi, >> >> Maxim Kammerer wrote (06 Aug 2013 09:52:36 GMT) : >>> Tails references upstream advisories, or at least did so in the past. >>> https://tails.boum.org/security/Numerous_security_holes_in_0.18/ >> >> Right, and we have no plan to stop doing this. What we've been doing >> for years when releasing a new Tails that fixes security issues (that >> is, basically every single one we've put out) is: >> >> 1. Users are told "your version of Tails has known security issue" on >> startup if needed; this one has a link to a security announce like >> the one Maxim pointed to. >>
> Seems reasonable. >> 2. We issue a release announcement, such as >> https://tails.boum.org/news/version_0.19/, that starts with "All >> users must upgrade as soon as possible", but doesn't point to the >> corresponding security advisory. After reading this thread, >> I wonder if we should perhaps change this, and have this sentence >> link to the security advisory. > I tend to think that cross linking is a good idea. Done for the latest announcement: https://tails.boum.org/news/version_0.19/ Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
