Hacker News new | ask | show | jobs
by meaty 4860 days ago
As follows:

1. Read the vulnerability description.

2. Ask yourself if you are vulnerable.

3. No? Don't worry about it.

4. Yes? External mitigation where possible or patch ourselves and commit back to debian (we a project member on our team).

We've not got to 4 yet, but have committed loads of fixes anyway.
1 comments
BUGHUNTER 4859 days ago
OK, but real life (low budget) scenario is:

1. aptitude update && aptitude upgrade 2. ask yourself, if your system is vulnerable now 3. feel the good hope and go ahead.

If I had the budget / time to research every single CVE I would probably not trust repositories at all...

do YOU trust repositories?

link
meaty 4859 days ago
Yeah and that's pretty much good enough for most people.

That's what we do for our internal dev systems.

link