The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Central register of package use



From: Joey Hess <joey@kite.ml.org>
> +By default, http://localhost/doc/ should only be accessable from
> +localhost, so crackers cannot read this directory to and find out the  
> +versions of all packages installed on the system.

Is this "security through obscurity"? I think the existance of a Debian
package with a security hole is sufficient - you don't need to be told
what version of a package is installed on a particular system. The
cracker (not hacker, thank you) need only check systems with email
addresses seen on the Debian lists until a system with the security
hole is found.

	Thanks

	Bruce


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com