[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-users] Savannah security software updates (was: Multiple GPG k

From: Asher Gordon
Subject: [Savannah-users] Savannah security software updates (was: Multiple GPG keys on Savannah)
Date: Sat, 03 Aug 2019 01:35:18 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Bob Proulx <address@hidden> writes:

> Asher Gordon wrote:
>> I see. It's too bad Savannah doesn't host the GnuPG git repository,
>> because then I could point out how ironic it is that Savannah hosts
>> GnuPG but still uses an old version! :-)
> I'll own that one.  I really push for having an alive security patch
> process and using a software distribution package management system
> makes that much easier than building everything from scratch.
> [...]

I was just making a joke (perhaps not a very good one :-) ). I wasn't
trying to criticize Savannah. But of course, security *is* important.

> The terrible irony would be that a security vulnerability would get
> found, reported, known by the malicious, fixed upstream, and we might
> still be running a stale old copy that we had not realized needed to
> be updated if we are not paying attention and get compromised.  On the
> other hand the daily distro package upgrade keeps things simple.

Yes, using distro packages is probably a good idea. Might I suggest
moving to Debian eventually? I know it's not FSF-endorsed, but "main"
has only free software. Debian stable ("buster" currently) has
reasonably recent software versions and is stable and secure. Of course,
it would probably be a lot of work to migrate Savannah to Debian, and it
might not be worth it. Another major downside would be that you don't
get the cool ASCII logo on login. :-)


<cas> well there ya go.  say something stupid in irc and have it
      immortalised forever in someone's .sig file

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]