From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1NYNoC-0004Qj-42 for garchives@archives.gentoo.org; Fri, 22 Jan 2010 18:00:36 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B1F01E07F6 for ; Fri, 22 Jan 2010 18:00:35 +0000 (UTC) Received: from mail2.viabit.com (mail2.viabit.com [65.246.80.16]) by pigeon.gentoo.org (Postfix) with ESMTP id 149F6E066B for ; Fri, 22 Jan 2010 17:29:23 +0000 (UTC) Received: from [10.1.1.204] (unknown [65.213.236.244]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail2.viabit.com (Postfix) with ESMTPSA id 62AB6D8F21 for ; Fri, 22 Jan 2010 12:29:23 -0500 (EST) Message-ID: <4B59E073.2020104@orlitzky.com> Date: Fri, 22 Jan 2010 12:29:23 -0500 From: Michael Orlitzky User-Agent: Thunderbird 2.0.0.23 (X11/20090817) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] Security updates References: <5D030B24B210824291B610C6C08E8F58E146581797@BOW-EVS-V01.uoc.local> In-Reply-To: <5D030B24B210824291B610C6C08E8F58E146581797@BOW-EVS-V01.uoc.local> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: f33f9052-6e1d-47b4-89d4-1c536eb281cb X-Archives-Hash: 47256857efc54b227eb74224bf6418ee Machell, Jonathan wrote: > Hello there, > > We're currently trialling Gentoo to possibly host some of our web-servers. I've used Gentoo for over eight years so I'm leading these trials. > > I've subscribed to this mailing list but also gentoo-server and gentoo-security. I'm trying to keep up to speed with all the latest security news affecting Gentoo, GNU/Linux, Apache and MySQL. Should subscription to these mailing lists be sufficient for this or is there any other place where I should be looking to keep on top of security issues? I'm aware that this and the other two mailing lists are low traffic but I haven't heard a peep since subscribing on Tuesday. Is that normal? I was hoping to go through the archives of previous messages at some point. Are these kept somewhere? I'm late to the party on this, but I also subscribe to the mailing lists of all public-facing software on our servers. For example, Postfix, Dovecot, SpamAssassin, Apache, PHP, ClamAV... Many security issues get reported to those lists before they're officially dubbed security issues. "Public-facing" is of course a meaningless term. Do you include iptables? How about glibc? GCC itself? You'll have to use your judgment and/or eliminate the lists that are boring to listen to. If you flood your inbox with noise, you'll stop paying attention and lose the benefits altogether.