oss-sec mailing list archives
Re: Thoughts on a vuln/CVE?
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 18 Jun 2013 18:41:25 +0200
On Tue, Jun 18, 2013 at 12:44:09AM -0600, Kurt Seifried wrote:
Also part of my thought process is that (for example) this would be a good configuration to check for and ensure is disabled, something for SCAP for example or the Debian security guide (e.g. a generic "make sure all enabled repos are actually working as expected").
Debian doesn't endorse any external repository. During package installation the pre/post installation scripts run with root privs. As such, if you enable a repository you trust the people behind that repository with the equivalent to root access to your system anyway. Cheers, Moritz
Current thread:
- Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Yves-Alexis Perez (Jun 17)
- Re: Thoughts on a vuln/CVE? Russ Allbery (Jun 17)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 17)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Simon McVittie (Jun 18)
- Re: Thoughts on a vuln/CVE? Dave Walker (Jun 18)
- Re: Thoughts on a vuln/CVE? Tim (Jun 18)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)