Security response team?

Jon South striker at lunar-linux.org
Wed Apr 7 09:15:17 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ratler at lunar-linux.org wrote:
 > Hey guys.
 >
 > Some people have started to ask questions if we have an official security
 > response team, not like it works now where some of the devs just fix the
 > issue and maybe send a mail to our list it fixed.
 >
 > What we need is a team, a few people from all the devs that share a PGP
 > key and new list where people can send us mail encrypted or not. For
 > example security at lunar-linux.org. This way we can sign all our mails with
 > this key when responding to security problems and updates. This way users
 > can also verify that our updates are not fake and that it really comes
 > from us.
 >
 > What do you guys think?
 >
 > Sincerely
 > Stefan Wold

Hmm...Interesting idea, but isn't that normally only for distros that 
make/modify their packages? We do fairly few patches and other 
modifications to the installable modules ourselves.

However, it's a pretty noble idea, I guess it'd be better to be safe than 
sorry. I try to keep up with the current security issues myself and I 
subscribe to the Full-Disclosure mailing list which is one of the few 
MLs that gets a lot of the new exploits/bugs for software/hardware.

I am curious though, as to how we could fix problems with software as 
opposed to the software's developer fixing it themselves and us just 
updating the module. However, that leads to the question about what to 
do with software that no longer has a dev team to maintain it...

Just my 3.1459 cents.

- -Striker

P.S. - Are there (have there been) any known exploits for the lunar core 
tools?

- --
The system requirements said "Windows 95 or better"
So I installed Linux.

Microsoft sells you Windows; Linux gives you the house.

v1sw6CUhw5ln4pr5ck4ma6/7u8Lw3Tm5l6+8GOa21s6Mr2e5+7t5/6TNDVESLFRXMb3Hp0en6/7g9ASTHCNMP 
www.hackerkey.com

Registered Linux User: 332618
<http://striker.interhact.net/striker.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAdAx6y3qPFSnhIpMRAi+oAJ9d6JgsSLTCGLLf5Fu++q92aNiFQACfbncq
kEsv6+b2R6wFEhuNvA7zK+o=
=MHlX
-----END PGP SIGNATURE-----

