Security List Updates
Is there a reason why there hasn't been any new posts to the security list in two months? According to the changelog there was security updates to bind and Firefox, among others.
|
Hm, interesting. I hadn't actually noticed, but you're right, it's been quite some time since a security update has hit my inbox.
|
|
Personally speaking, I use the changelog for security warnings, and for the 99.99% of them it's all I need.
For the gory details either: - I'll just wait until Pat finds time, between all the other things he does on slackware, to write something about it; - if I crave them for any particular reason, I'll google them myself (after looking on the vendor site). |
No mail for me either, last one I got was 15 October.
Is something wrong with list? |
If you care about security you can unplug your network cable. Goodbye!
|
Quote:
In order to keep the official components up to date, I watch the changelog daily. I use to keep an eye on PacketStorm and the National Vulnerability Database in order to know about weakness in third party software (SlackBuilds, self compiled stuff ) or defects that affect Slackware but remain not patched. >Slackware changelog for 13.37: ftp://ftp.osuosl.org/pub/slackware/s.../ChangeLog.txt >Packet Storm (has some interesting RSS feeds): http://packetstormsecurity.org/ >National Vulnerabilities Database (it has more RSS, it depends on the USA government): http://web.nvd.nist.gov/view/vuln/search |
Quote:
|
Quote:
Praise Bob. :) |
So the Slackware Security Adivsories page and the changelog are not in sync? I had been using the advisories page and the email list to get updates - they are both listed on slackware.com as ways to keep up to date.
|
I run a cron job script weekly to check the change logs at one of the Slackware mirrors. If there is a change then the script automatically schedules my system to sync my local files during the night. The next day I receive a system email and I perform manual updates as needed.
Works well enough for me, but for many years I have subscribed to the security mail list notifications. The last notice I received was dated October 14, 2011. There have been many updates in that period. Slackers tend to find ways to adapt, but many people likely depend on the service to keep track of security changes. Perhaps the changes noted in the change logs since October 14 have not been security related, but that is not the case. For example, the changes in 13.1 for Nov. 27 specifically declare the updates as security related. Is that notification service no longer active? |
Quote:
I just run 'slackpkg update' every few days, and if there are any changes 'slackpkg upgrade-all' will get me up to date. |
Quote:
Has anyone contacted Pat about the issue? |
Quote:
|
Well, I just pulled down the updates from my favorite mirror so I should be up to date. I just get jumpy when it's stuff like Firefox, SSH, et al.
|
All times are GMT -5. The time now is 12:01 PM. |