guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security updates (was Re: texmaker, Qt and Chromium)


From: ng0
Subject: Re: Security updates (was Re: texmaker, Qt and Chromium)
Date: Tue, 11 Oct 2016 11:40:54 +0000

Leo Famulari <address@hidden> writes:

> On Sat, Oct 08, 2016 at 10:55:45AM +0200, Danny Milosavljevic wrote:
>> One of the reasons I'm using distributions rather than just
>> ./configure ; make ; make install is that distributors stay on top of
>> security problems and disable and/or patch packages as problems arise.
>> I think many others also mainly use distributions because of that.
>
> I'm going off-topic here, but... Please Help :)
>
> Right now there are only a few of us paying attention to security bug
> disclosures and, in my opinion, that's not enough.
>
> If you are interested in keeping Guix secure, try subscribing to the
> oss-sec mailing list. If you use Guix on a foreign distro, you can
> subscribe to that distro's security announcement list. If you are the de
> facto maintainer of some Guix packages, or if you run your business on
> some Guix packages, follow the upstream bug reports.
>
> And then, patch bugs in our packages. If you aren't sure how to fix the
> bugs, it's still helpful to present them on guix-devel and ask for
> advice.
>
> Help Wanted!
>
> [0]
> http://seclists.org/oss-sec/
>
> [1] For example:
> https://lists.debian.org/debian-security-announce/
>
>

I can second this help request. It's hard to keep track of the
vulnerabilities. Because I maintain packages for Gentoo I find the
frequently released GLSAs of Gentoo very useful too. They are Gentoo
specific, but Gentoo has a good amount of packages to keep track of.
It can be subscribed via Email or feed reader here:
https://www.gentoo.org/support/security/

-- ng0



reply via email to

[Prev in Thread] Current Thread [Next in Thread]