[ubuntu-studio-devel] Important: Ubuntu/Debian Security Hole
Ralf Mardorf
ralf.mardorf at rocketmail.com
Wed Aug 31 13:20:08 UTC 2016
On Tue, 30 Aug 2016 23:04:40 +0200, Ralf Mardorf wrote:
>On Tue, 30 Aug 2016 15:31:07 -0500, Yoshi wrote:
>>There is allegedly a recently published security hole in the
>>"Ubuntu/Debian update mechanism" involving authentication and
>>signatures.
>
>What is the source of this vague "information"?
>
>>You are welcome to forward this message as is to anyone else in the
>>Ubuntu Development community, but I won't be speculating on nor
>>elaborating about the issue. I'm not a programmer, so I wouldn't know
>>how to talk about it anyhow.
>
>You already started talking about it.
PS:
On Wed, 31 Aug 2016 08:11:12 +0200, Set Hallstrom wrote:
>Got to be reffering to this:
>https://www.schneier.com/blog/archives/2016/08/powerful_bit-fl.html
See
https://lists.ubuntu.com/archives/ubuntu-users/2016-August/287193.html
On Wed, 31 Aug 2016 03:11:29 -0400, lukefromdc at hushmail.com wrote:
>For me this adds still more packages to what I have to build from
>source, starting with the kernel.
If the signing per se would be the real issue, then it wouldn't matter
if you check the source by it's key
https://www.kernel.org/signature.html
or a binary package by it's key.
Regards,
Ralf
More information about the ubuntu-studio-devel
mailing list