Security response team?
Jon South
striker at lunar-linux.org
Wed Apr 7 09:15:17 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ratler at lunar-linux.org wrote:
> Hey guys.
>
> Some people have started to ask questions if we have a official security
> response team, not like it works now where some of the devs just fix the
> issue and maybe send a mail to our list it fixed.
>
> What we need is a team, a few people from all the devs that share a PGP
> key and new list where people can send us mail encrypted or not. For
> example security at lunar-linux.org. This way we can sign all our mails with
> this key when responding to security problems and updates. This way users
> can also verify that our updates are not fake and that it really comes
> from us.
>
> What do you guys think?
>
> Sincerely
> Stefan Wold
Hmm...Interesting idea, but isn't that normally only for distros that
make/modify their packages? We do fairly few patches and other
modifications to the installable modules ourselves.
However, it's a pretty noble idea, I guess it'd be best to be safe than
sorry. I try to keep up with the current security issues myself and I
subscribe to the Full-Disclosure mailing list which is one of the few
ML's that gets a lot of the new exploits/bugs for software/hardware.
I am curious though, as to how we could fix problems with software as
opposed to the software's developer fixing it themselves and us just
updating the module. However, that leads to the question about what to
do with software that no logner has a dev team to maintain them...
Just my 3.1459 cents.
- -Striker
P.S. - Are there (have there been) any known exploits for the lunar core
tools?
- --
The system requirements said "Windows 95 or better"
So I installed Linux.
Microsoft sells you Windows; Linux gives you the house.
v1sw6CUhw5ln4pr5ck4ma6/7u8Lw3Tm5l6+8GOa21s6Mr2e5+7t5/6TNDVESLFRXMb3Hp0en6/7g9ASTHCNMP
www.hackerkey.com
Registered Linux User: 332618
<http://striker.interhact.net/striker.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAdAx6y3qPFSnhIpMRAi+oAJ9d6JgsSLTCGLLf5Fu++q92aNiFQACfbncq
kEsv6+b2R6wFEhuNvA7zK+o=
=MHlX
-----END PGP SIGNATURE-----
More information about the Lunar-dev
mailing list