gundamguy Posted February 24, 2015 Share Posted February 24, 2015 What I would really like to see done, is for the Security Model form to be renamed to something akin to "Security Reports" (Which is what was mostly posted in Security Model anyway) and be actively maintained by someone at Lime-Teconology like the RoadMap. AKA when a Security Report that affects unraid pops up, post it in the Security Reports forum, and when a security patch is implemented or pushed out mark it as [solved]/[Fixed]. This is based on reading NAS's request from December 2014, and becuase I noticed recent confusion about where to discuss or document security notices that affect unraid, with some posting in General Support. Posting in General Support seems wrong as it'll get drowned out by every day questions, and not all users are inclined to check both general support forms for all version fo unraid. Quote Link to comment
NAS Posted February 25, 2015 Share Posted February 25, 2015 Obviously I agree. I dont think we need to do much it just needs to be documented a bit better and feel a little less ad hoc. Its one of the big advantages of Slackware there are almost no security announcements. Quote Link to comment
Wimpie Posted April 14, 2015 Share Posted April 14, 2015 Its one of the big advantages of Slackware there are almost no security announcements. Is this because Slackware is really secure? Or is it because nobody bothers/is available to release a security announcement? Quote Link to comment
BRiT Posted April 14, 2015 Share Posted April 14, 2015 What I would really like to see done, is for the Security Model form to be renamed to something akin to "Security Reports" (Which is what was mostly posted in Security Model anyway) and be actively maintained by someone at Lime-Teconology like the RoadMap. I don't; I actually want the security reports addressed in a timely fashion. Quote Link to comment
ken-ji Posted April 14, 2015 Share Posted April 14, 2015 Its one of the big advantages of Slackware there are almost no security announcements. Is this because Slackware is really secure? Or is it because nobody bothers/is available to release a security announcement? There can be plenty of announcements, its just that since Slackware doesn't use crap like PAM (this is a double edged sword mind you - great for fancy authentication schemes but also great for shooting yourself in the foot and security issues) there will be less exploitable vectors. See http://www.slackware.com/security/list.php?l=slackware-security&y=2015 for 2015 bulletins so far I run Slackware in the public internet (admittedly low traffic and personal site) and do keep a closer eye on the vulnerabilities. Quote Link to comment
gundamguy Posted April 15, 2015 Author Share Posted April 15, 2015 What I would really like to see done, is for the Security Model form to be renamed to something akin to "Security Reports" (Which is what was mostly posted in Security Model anyway) and be actively maintained by someone at Lime-Teconology like the RoadMap. I don't; I actually want the security reports addressed in a timely fashion. I agree that would be ideal. When I said "Actively Maintained like the RoadMap" what I mean is a thread is open when secruity report is known, and then someone from LimeTech posts "Fixed in XXXXXXXX" and closes the thread when a fix has been implemented... not really suggesting that these things should linger, just that it should be better documented. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.