logr.cogley.info

nixcademy.com
All Nixcademy Blog Posts - stay up to date with the latest news in the Nix world! Do not forget to check out our RSS feed.

nickjanetakis.com
Adding a digest reference to your images can make builds more predictable, here's a few pros and cons of using them.

blog.jak-linux.org
In DebConf17 there was a talk about The Update Framework, short TUF. TUF claims to be a plug-in solution to software updates, but while it has the same practical level of security as apt, it also has the same shortcomings, including no way to effectively revoke keys. TUF divides signing responsibilities into roles: A root role, a targets rule (signing stuff to download), a snapshots rule (signing meta data), and a time stamp rule (signing a time stamp file). There also is a mirror role for signing a list of mirrors, but we can ignore that for now. It strongly recommends that all keys except for timestamp and mirrors are kept offline, which is not applicable for APT repositories - Ubuntu updates the repository every 30 minutes, imagine doing that with offline keys. An insane proposal.

www.wiz.io
Multiple vulnerabilities were disclosed in Exim MTA, including CVE-2023-42115, which enables attackers to remotely execute code on publicly exposed Exim servers