You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2007-09-28 05:03:32
- alleyoopster
- Member
- From: Cape Town
- Registered: 2006-11-19
- Posts: 95
Security in Arch
I just noticed this article and made me wonder if a security mailing list would be obsolete with a rolling release?
http://distrowatch.com/weekly.php?issue … #editorial
Last edited by alleyoopster (2007-09-28 14:15:14)
Offline
#2 2007-09-28 05:10:34
- kensai
- Member
- From: Puerto Rico
- Registered: 2005-06-03
- Posts: 2,484
- Website
Re: Security in Arch
Yeah, in fact they upgrade to the latest stable package (which contains security and bug fixes) every time one gets released, this lowers security risks. Is pretty much a nonsense having a security mailinglist this way cause you don't need to patch anything since pacman -Syu will always update to the latest stable package.
Offline
#3 2007-09-28 09:07:41
- .:B:.
- Forum Fellow
- Registered: 2006-11-26
- Posts: 5,819
- Website
Re: Security in Arch
Unless the latest packages spend weeks in testing, you mean? There is always a good reason to keep an eye on security, simply having the latest packages/patches doesn't mean your system is secure. It means no known exploits in programs can be used by potential attackers, but it would be overly simplistic to reduce the concept of security to an up-to-date system.
Last edited by B (2007-09-28 09:08:20)
Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy
Offline
#4 2007-09-28 10:50:37
- ruscook
- Member
- From: Sydney Australia
- Registered: 2007-08-27
- Posts: 105
- Website
Re: Security in Arch
A security mailing list can tell you that a security flaw has been found, when a fix is available, and even what that fix is. It's then up to you and your distro HOW the fixes are provided, i.e. patches, package updates, rolling update etc.
Notification does not presuppose whether you have or don't have rolling upgrades by itself.
It's no good having rolling upgrades if people don't know that a package has been upgraded for security reasons and they should seriously consider installing it. Security updates can have a role to play in that communication process.
I'm relatively new to Arch, if we don't use some kind of notification what do we use?
Russ
Offline
#5 2007-09-28 12:36:34
- kensai
- Member
- From: Puerto Rico
- Registered: 2005-06-03
- Posts: 2,484
- Website
Re: Security in Arch
In my opinion having such a security list here in Arch will be just a waste of time for the Devs there are not many and they are always busy. So I believe we should not be that paranoid about security. Sure there is a 1 in a 100 chance you can be a target, but nothing a good stealthy firewall would not help you fix.
Offline
#6 2007-09-28 13:24:30
- ise
- Developer
- From: Karlsruhe / Germany
- Registered: 2005-10-06
- Posts: 404
- Website
Re: Security in Arch
Hi,
on the "normal" arch-mailinglist there are some posts from JJDaNiMoTh. He post regularly/irregularly some security alarms. See this: http://archlinux.org/pipermail/arch/200 … 15114.html and this: http://archlinux.org/pipermail/arch/200 … 15072.html for example.
Daniel
Offline
Pages: 1