emdee-net
emdee-net
Malicious code has been found on pypi https://www.zdnet.com/article/twelve-malicious-python-libraries-found-and-removed-from-pypi/ but Debian and Ubuntu have been running insecure apt for years https://www.guardicore.com/labs/a-vulnerability-in-debians-apt-allows-for-easy-lateral-movement-in-data-centers-2/ The *only* solution if you want a secure system is...
The bug in CVE-2019-3462 was introduced in 2009, so taking 10 years to fix it is "promptly fixed" on Debian terms? Last time I looked at apt in Debian wasn't...
Please use words and sentences, as just posting links that are 5+ years out of date with regard to the point being made, is not helpful. To recall, the discussion...
The decision on a Gentoo overlay was to drop ZeroNet entirely https://github.com/leycec/raiagent/commit/e3cbb3bc276eaca8f09c2b45e25253d49f0de912 https://github.com/leycec/raiagent/issues/101 My suggestion for you is to change the title to "please do not depend on python-pip3 or...
> That's I guess what you mean by originator signed. No I don't mean maintainer signed; I mean by the originator of the package. > As for Gentoo vs TUF,...
I was surprised to see no signed-by: in /etc/apt/sources.list.d/whonix.list of KickSecure. You're reading Portage/Repository_verification which is assumed, and not what I'm talking about: I'm talking about *originator* signing. > Any...
There's no /etc/apt/sources.list.d/derivative.list in my KickSecure and no signed-by in any of the sources.list.d files. Not a problem - there is no distribution I know of that ships merkletools (and...
@ALL @TwinLizzie has an active fork at https://github.com/TwinLizzie/ZeroNet. And there's another at https://github.com/zeronet-conservancy/zeronet-conservancy/ which I will avoid because it looks like it's folllowing a surefire recipe to bifurcate and stall...
@TwinLizzie doesn't maintain a changelog of https://github.com/TwinLizzie/ZeroNet and nor does @canewsin of https://github.com/HelloZeroNet/ZeroNet It would be nice if forks maintained a seperate changelog of the changes they make. @geekless put...
Does anyone have write access to https://zeronet.io/ or is it controlled only by Tamas? It looks like the executables it points to are vulnerable to RCE.