[Secure-testing-team] debsecan announcement
Florian Weimer
fw at deneb.enyo.de
Thu Jan 19 14:36:13 UTC 2006
* Moritz Muehlenhoff:
> Before bringing this to a wider audience more false positives and
> non-issues should be weeded out (or at least document it very
> clearly that most are theoretical issues, that do not affect your
> system's security in a real-world situation, e.g. by setting the
> display default to >= medium).
This approach has a certain "because it's devastating to my case"
aspect. I don't really like pampering over these issues for PR
reasons. If DDs can't be bothered to fix minor security issues, we
should be open about it.
> E.g. the first four entries in the list of "vulnerabilities w/o
> updates" for my notebook are all more or less moot:
Sure, I should add an urgency filter. But this is not a real
substitute for fixing bugs.
More information about the Secure-testing-team
mailing list