[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Jacob Appelbaum
jacob at appelbaum.net
Tue Aug 6 06:51:08 PDT 2013
intrigeri:
> Hi,
>
> Maxim Kammerer wrote (06 Aug 2013 09:52:36 GMT) :
>> Tails references upstream advisories, or at least did so in the past.
>> https://tails.boum.org/security/Numerous_security_holes_in_0.18/
>
> Right, and we have no plan to stop doing this. What we've been doing
> for years when releasing a new Tails that fixes security issues (that
> is, basically every single one we've put out) is:
>
> 1. Users are told "your version of Tails has known security issue" on
> startup if needed; this one has a link to a security announce like
> the one Maxim pointed to.
>
Seems reasonable.
> 2. We issue a release announcement, such as
> https://tails.boum.org/news/version_0.19/, that starts with "All
> users must upgrade as soon as possible", but doesn't point to the
> corresponding security advisory. After reading this thread,
> I wonder if we should perhaps change this, and have this sentence
> link to the security advisory.
I tend to think that cross linking is a good idea.
All the best,
Jacob
More information about the liberationtech
mailing list