[Savannah-users] Savannah security software updates (was: Multiple GPG k

From: Asher Gordon
Subject: [Savannah-users] Savannah security software updates (was: Multiple GPG keys on Savannah)
Date: Sat, 03 Aug 2019 01:35:18 -0400

Bob Proulx <address@hidden> writes:

> Asher Gordon wrote:
>> I see. It's too bad Savannah doesn't host the GnuPG git repository,
>> because then I could point out how ironic it is that Savannah hosts
>> GnuPG but still uses an old version! :-)
> I'll own that one.  I really push for having an alive security patch
> process and using a software distribution package management system
> makes that much easier than building everything from scratch.

I was just making a joke (perhaps not a very good one :-) ). I wasn't
trying to criticize Savannah. But of course, security *is* important.

> The terrible irony would be that a security vulnerability would get
> found, reported, known by the malicious, fixed upstream, and we might
> still be running a stale old copy that we had not realized needed to
> be updated if we are not paying attention and get compromised.  On the
> other hand the daily distro package upgrade keeps things simple.

Yes, using distro packages is probably a good idea. Might I suggest
moving to Debian eventually? I know it's not FSF-endorsed, but "main"
has only free software. Debian stable ("buster" currently) has
reasonably recent software versions and is stable and secure. Of course,
it would probably be a lot of work to migrate Savannah to Debian, and it
might not be worth it. Another major downside would be that you don't
get the cool ASCII logo on login. :-)


<cas> well there ya go.  say something stupid in irc and have it
      immortalised forever in someone's .sig file

