How do you track security vulnerabilities? unhinge ( @unhinge@programming.dev ) Linux@lemmy.mlEnglish • 6 months ago message-square28fedilinkarrow-up157
arrow-up157message-squareHow do you track security vulnerabilities? unhinge ( @unhinge@programming.dev ) Linux@lemmy.mlEnglish • 6 months ago message-square28fedilink
Do you rely on mailing lists or news articles for security vulnerabilities? Please share. I only got to know about xz/liblzma [1] and curl [2] [3] vulnerabilities through lemmy (maybe because of high severity?). 1 ↩︎ 2 ↩︎ 3 ↩︎
minus-square unhinge ( @unhinge@programming.dev ) OPlinkfedilinkEnglish1•edit-26 months agoThen, what does a package maintainer rely on? Edit: I’m so dumb. It’s obvious they’d check original developer’s repo or issue tracker. I’m sorry
minus-square Responsabilidade ( @BaalInvoker@lemmy.eco.br ) linkfedilink2•6 months agoI don’t know… I guess in mailing lists and pages like RSS feed from main enterprises like SuSE, Red Hat and Canonical
minus-square ⲇⲅⲇ ( @Aradia@lemmy.ml ) linkfedilink1•6 months agoYou can track this kind of stuff on Mastodon also, join into a security instance (like https://infosec.exchange/explore) or start following them from another instance.
Then, what does a package maintainer rely on?Edit: I’m so dumb. It’s obvious they’d check original developer’s repo or issue tracker. I’m sorry
I don’t know… I guess in mailing lists and pages like RSS feed from main enterprises like SuSE, Red Hat and Canonical
You can track this kind of stuff on Mastodon also, join into a security instance (like https://infosec.exchange/explore) or start following them from another instance.