linux.gentoo.user

> > Good points Albert. Is a daily 'emerge --sync && emerge -avDuN world'
> > generally enough as far as tracking security vulnerabilities?
> >
> > - Grant
>
> That's not really for me to say. But I can tell you that although the
> Gentoo developers take matters of security seriously, there is no
> full-time security tracker. Sometimes things don't get patched in
> portage until someone (else) creates a bug report. And even if that
> were not the case, there are 0-day exploits that have yet to be patched.
>
> So it really depends on how informed/paranoid you are about what you
> have accepting requests from the Internet.

While we're on the subject, what is the best way to stay on top of
security vulnerabilities for a group of services? Should I be
subscribed to their announcement mailing lists and make sure I'm
notified of new mail?

- Grant
--
gentoo-user@lists.gentoo.org mailing list