From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kei Kebreau Subject: Re: Security updates (was Re: texmaker, Qt and Chromium) Date: Sun, 09 Oct 2016 17:07:34 -0400 Message-ID: <87a8edjko9.fsf@openmailbox.org> References: <877f9kufxx.fsf@elephly.net> <20161008105545.6154ed73@scratchpost.org> <20161009201310.GA30105@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:50541) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1btLK3-0007GS-HP for guix-devel@gnu.org; Sun, 09 Oct 2016 17:07:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1btLJz-00024x-5G for guix-devel@gnu.org; Sun, 09 Oct 2016 17:07:50 -0400 Received: from mail2.openmailbox.org ([62.4.1.33]:33127) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1btLJy-00024p-QI for guix-devel@gnu.org; Sun, 09 Oct 2016 17:07:47 -0400 In-Reply-To: <20161009201310.GA30105@jasmine> (Leo Famulari's message of "Sun, 9 Oct 2016 16:13:10 -0400") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel --=-=-= Content-Type: text/plain Leo Famulari writes: > On Sat, Oct 08, 2016 at 10:55:45AM +0200, Danny Milosavljevic wrote: >> One of the reasons I'm using distributions rather than just >> ./configure ; make ; make install is that distributors stay on top of >> security problems and disable and/or patch packages as problems arise. >> I think many others also mainly use distributions because of that. > > I'm going off-topic here, but... Please Help :) > > Right now there are only a few of us paying attention to security bug > disclosures and, in my opinion, that's not enough. > > If you are interested in keeping Guix secure, try subscribing to the > oss-sec mailing list. If you use Guix on a foreign distro, you can > subscribe to that distro's security announcement list. If you are the de > facto maintainer of some Guix packages, or if you run your business on > some Guix packages, follow the upstream bug reports. > > And then, patch bugs in our packages. If you aren't sure how to fix the > bugs, it's still helpful to present them on guix-devel and ask for > advice. > > Help Wanted! > > [0] > http://seclists.org/oss-sec/ > > [1] For example: > https://lists.debian.org/debian-security-announce/ Subscribed to the oss-sec list! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJX+rGWAAoJEOal7jwZRnoNAS8P/jdaDZqcd6WiwIdCJKiof+yH kJzPgduMsjd56TAkSd2MPBK3HEUPsaD+h3uqfO/X/CPyp/xPvfRiawlwsiq0RYuz Sonmz+qJy3Ziq1QGzjWK29Kt2zG2r1/peed4UQK5b98YaEazSoFXjI32mkIvIWHs Jz1akgGcHQZfKcPkuKD0aPuic8kMIrxvIeyQFNTl3K4AZFSFS3gNpUNRTU8ApqMG m1PfgZONy84E4Jm8vm1TS6RWCRPaXzBWsMtWEGt4Gw7b/nhONbNSmd752Na10g72 1OgDgmSw18bBPVbeCxtqS2eprIPnMugyz9wqqovR2cDwBBNQk+EXULfLGgSnapyP Y9hmdcP+FB3Fmu5YmbaI3NIAbD/C2dsqwTihYwFRDAgTdjMB14ozv374y+ZXPbdl H1nex//2D3gZdUyJBzZdPWtOilX5varpbXIuPz+vvb9nJhWagVRFTprpj070bzQC qRwKnSFT2eT9nDB8WesUeuCRifR5chZp7DhYRok3183sxavz4hWwZZrtz39WjDPW 03A1i21J8c5Z2ANB0kCi3zgY7YIi2brPirOXffn2fD8VOI/4e008IQepV37Rjm5p hc0N9u2BaAv0tg23mRsQ9E0vjpBnFUPsKpkq11v2SAXDJRT9vZVIhaZDHWptsJQy lOhvLWl9L9r3Eivg4t0T =nc50 -----END PGP SIGNATURE----- --=-=-=--