Hi,
Jacob Appelbaum wrote (06 Aug 2013 13:51:08 GMT) :
> intrigeri:
>> Hi,
>>
>> Maxim Kammerer wrote (06 Aug 2013 09:52:36 GMT) :
>>> Tails references upstream advisories, or at least did so in the past.
>>> https://tails.boum.org/security/Numerous_security_holes_in_0.18/
>>
>> Right, and we have no plan to stop doing this. What we've been doing
>> for years when releasing a new Tails that fixes security issues (that
>> is, basically every single one we've put out) is:
>>
>> 1. Users are told "your version of Tails has known security issue" on
>> startup if needed; this one has a link to a security announce like
>> the one Maxim pointed to.
>>
> Seems reasonable.
>> 2. We issue a release announcement, such as
>> https://tails.boum.org/news/version_0.19/, that starts with "All
>> users must upgrade as soon as possible", but doesn't point to the
>> corresponding security advisory. After reading this thread,
>> I wonder if we should perhaps change this, and have this sentence
>> link to the security advisory.
> I tend to think that cross linking is a good idea.
Done for the latest announcement:
https://tails.boum.org/news/version_0.19/
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
