LinuxQuestions.org


marnold 12-17-2011 12:27 PM

Security List Updates
 
Is there a reason why there haven't been any new posts to the security list in two months? According to the changelog there were security updates to bind and Firefox, among others.

MS3FGX 12-17-2011 10:19 PM

Hm, interesting. I hadn't actually noticed, but you're right, it's been quite some time since a security update has hit my inbox.

cfdisk 12-18-2011 12:20 AM

FYI
Slackware Updates Seem to be Very QUIET

ponce 12-18-2011 01:24 AM

Personally speaking, I use the changelog for security warnings, and for 99.99% of them it's all I need.

For the gory details either:
- I'll just wait until Pat finds time, between all the other things he does on Slackware, to write something about it;
- if I crave them for any particular reason, I'll google them myself (after looking on the vendor site).

hegobald 12-18-2011 05:59 AM

No mail for me either, last one I got was 15 October.
Is something wrong with the list?

ottavio 12-18-2011 06:11 AM

If you care about security you can unplug your network cable. Goodbye!

BlackRider 12-18-2011 06:23 AM

Quote:

Personally speaking, I use the changelog for security warnings, and for 99.99% of them it's all I need.

So do I. The mailing list seems an unreliable resource if you really want to stay informed. I think it is a shame, but I can live with it.

In order to keep the official components up to date, I watch the changelog daily. I usually keep an eye on PacketStorm and the National Vulnerability Database in order to know about weaknesses in third-party software (SlackBuilds, self-compiled stuff) or defects that affect Slackware but remain unpatched.

>Slackware changelog for 13.37:
ftp://ftp.osuosl.org/pub/slackware/s.../ChangeLog.txt

>Packet Storm (has some interesting RSS feeds):
http://packetstormsecurity.org/

>National Vulnerabilities Database (it has more RSS, it depends on the USA government):
http://web.nvd.nist.gov/view/vuln/search

MS3FGX 12-18-2011 09:06 AM

Quote:

Originally Posted by cfdisk (Post 4552770)

That's not the question. The OP is asking why the security mailing list hasn't been notified of updated packages which have already been pushed out.

hitest 12-18-2011 11:29 AM

Quote:

Originally Posted by ponce (Post 4552784)
Personally speaking, I use the changelog for security warnings, and for 99.99% of them it's all I need.

Yep. Going to the Slackware-current and Slackware-stable changelogs is a daily, very pleasant ritual.
Praise Bob. :)

CoffeeKing!!! 12-19-2011 01:20 PM

So the Slackware Security Advisories page and the changelog are not in sync? I had been using the advisories page and the email list to get updates - they are both listed on slackware.com as ways to keep up to date.

Woodsman 12-19-2011 01:59 PM

I run a cron job script weekly to check the change logs at one of the Slackware mirrors. If there is a change then the script automatically schedules my system to sync my local files during the night. The next day I receive a system email and I perform manual updates as needed.

Works well enough for me, but for many years I have subscribed to the security mail list notifications. The last notice I received was dated October 14, 2011. There have been many updates in that period.

Slackers tend to find ways to adapt, but many people likely depend on the service to keep track of security changes.

Perhaps the changes noted in the change logs since October 14 have not been security related, but that is not the case. For example, the changes in 13.1 for Nov. 27 specifically declare the updates as security related.

Is that notification service no longer active?
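
The weekly changelog check described in the post above could look roughly like this (an added example, not Woodsman's script or any Slackware tool). It assumes the mirror's ChangeLog.txt has already been downloaded next to a copy saved on the previous run and that security updates carry the `(* Security fix *)` marker; the function names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example. Assumes ChangeLog.txt is newest-first, entries are separated
# by "+-----+" lines, and security updates carry "(* Security fix *)".

# Print the part of the fresh ChangeLog ($2) that is newer than the saved copy ($1).
new_entries() {
    [ -s "$1" ] || { cat "$2"; return; }       # first run: everything is new
    last_seen=$(head -n 1 "$1")                # date line of the newest entry already seen
    awk -v stop="$last_seen" '$0 == stop { exit } { print }' "$2"
}

# Read ChangeLog text on stdin; print "date<TAB>package" for each security fix.
security_fixes() {
    awk '
        /^\+-+\+$/            { date = ""; pkg = ""; next }   # entry separator
        date == "" && NF      { date = $0; next }             # first line of an entry
        /^[^ \t].*:  /        { pkg = $0; sub(/:  .*/, "", pkg); next }
        /\(\* Security fix \*\)/ && pkg != "" { print date "\t" pkg; pkg = "" }
    '
}

# Constructed sample data (package names and dates are made up).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/old.txt" <<'EOF'
Fri Oct 14 01:00:00 UTC 2011
patches/packages/alpha-1.0-i486-1_slack13.37.txz:  Upgraded.
  Fixes a crash.
  (* Security fix *)
+--------------------------+
EOF
cat > "$tmp/new.txt" <<'EOF'
Sun Nov 27 02:00:00 UTC 2011
patches/packages/bravo-2.1-i486-1_slack13.37.txz:  Upgraded.
  Fixes a remote denial of service.
  (* Security fix *)
patches/packages/charlie-3.0-noarch-1_slack13.37.txz:  Rebuilt.
  Fixed a typo in the documentation.
+--------------------------+
EOF
cat "$tmp/old.txt" >> "$tmp/new.txt"           # the mirror copy keeps the older entries

# Report only security fixes that appeared since the saved copy.
new_entries "$tmp/old.txt" "$tmp/new.txt" | security_fixes
```

From cron, the output can be mailed as-is, so a silent mailing list no longer hides a flagged update; save the fresh ChangeLog over the old copy only after the report has gone out.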

JimBrewster 12-19-2011 02:04 PM

Quote:

Originally Posted by CoffeeKing!!! (Post 4553887)
So the Slackware Security Advisories page and the changelog are not in sync? I had been using the advisories page and the email list to get updates - they are both listed on slackware.com as ways to keep up to date.

Yes, it would appear the security page is not keeping up with the changelog.

I just run 'slackpkg update' every few days, and if there are any changes 'slackpkg upgrade-all' will get me up to date.

MS3FGX 12-19-2011 08:26 PM

Quote:

Originally Posted by Woodsman (Post 4553927)
Slackers tend to find ways to adapt, but many people likely depend on the service to keep track of security changes.

Yes, the fact that the security advisories page/service isn't updating is a pretty serious issue. There are obviously ways around this as explained in the topic, but that doesn't change the fact that many people rely on this service and it isn't currently working.

Has anyone contacted Pat about the issue?

Woodsman 12-19-2011 10:33 PM

Quote:

Has anyone contacted Pat about the issue?

Done. :)

marnold 12-20-2011 07:30 PM

Well, I just pulled down the updates from my favorite mirror so I should be up to date. I just get jumpy when it's stuff like Firefox, SSH, et al.


All times are GMT -5.