Patrick Schleizer

Results 332 comments of Patrick Schleizer

Installing intel-microcode (3.20191115.2) and spectre-meltdown-checker (0.43-2) https://packages.debian.org/bullseye/intel-microcode https://packages.debian.org/bullseye/spectre-meltdown-checker did not silence that warning either. Even if it did, this test probably does not apply inside VMs?

Filip Š: > I'm against using distribution package repositories. Packages in them are often outdated, take a lot of time to update, and many of them simply aren't available. It...

Filip Š: >> It works for thousands of applications available from > > But those applications are not written in Python and are not using Python dependencies. Many Python-based...

> but Debian and Ubuntu have been running insecure apt for years https://www.guardicore.com/labs/a-vulnerability-in-debians-apt-allows-for-easy-lateral-movement-in-data-centers-2/ https://security-tracker.debian.org/tracker/CVE-2019-3462 as correctly linked in above article was a vulnerability that was promptly fixed. This wasn't and...

> The bug in [CVE-2019-3462](https://github.com/advisories/GHSA-q857-rhg5-4j49) was introduced in 2009, so taking 10 years to fix it is "promptly fixed" on Debian terms? It doesn't matter when the issue was introduced....

So if you're requesting packaging for Gentoo, upload to Gentoo... I suggest opening your own ticket. Though, not sure how much sense that makes due to https://github.com/HelloZeroNet/ZeroNet/issues/2326. But any of...

A distribution with originator signed source code sounds nice. It's certainly a nice item to have for a (security) features checklist for a Linux distribution comparison. There's a lot other...

emdee-net: >> That's I guess what you mean by originator signed. > No I don't mean maintainer signed; I mean by the originator of the package. Any link for that?...

emdee-net: > I was surprised to see no signed-by: in /etc/apt/sources.list.d/whonix.list of KickSecure. Kicksecure uses signed-by. Kicksecure doesn't use whonix.list. /etc/apt/sources.list.d/whonix.list is deprecated. Migrated. No longer in use. In Kicksecure...

emdee-net: > There's no /etc/apt/sources.list.d/derivative.list in my KickSecure and no signed-by in any of the sources.list.d files. Probably an outdated version. If already updated, any other files related to Whonix...