Re: [bitfolk] Upcoming reboots for security fixes prior to 1…

Author: Alun
Date:  
To: Andy Smith
CC: users
Subject: Re: [bitfolk] Upcoming reboots for security fixes prior to 13 December

gpg: Signature made Wed Dec 14 13:21:15 2016 UTC
gpg: using DSA key 22CEBE65B4501342AE928C01F9673005CDCB0665
gpg: Can't check signature: No public key
Andy Smith <andy@???> said, in message
20161214124152.GU21587@???:
>
> …perhaps I could have a bit of feedback from you as to whether we
> did the right thing in enforcing a reboot here.
>
> Discussion around the bug (unfortunately on a private list for
> discussion of the security bugs while they're under embargo, so I
> can't show you) indicated that it *probably* wasn't very dangerous.


Short (advertised) outages on my VM aren't that much of a problem, so I'm
pretty relaxed about the reboots.

IMHO...

The thing about security holes like this is that creative hackers have a
tendency to leverage them into much bigger things later. Reacting to the bug
while it's under embargo, even if it seems obscure, is probably the best
thing to do, rather than leaving it until someone finds a way of using
it to do something much scarier. At which point the 2 weeks' notice
might turn into 0 days.

Cheers,
Alun.

-- 
Dr. Alun Jones,         auj@???,            01970 622637
Mathemateg, Ffiseg a Chyfrifiadureg,      Prifysgol Aberystwyth
Mathematics, Physics & Computer Science, Aberystwyth University