Do you rely on mailing lists or news articles for security vulnerabilities? Please share.

I only got to know about xz/liblzma [1] and curl [2] [3] vulnerabilities through lemmy (maybe because of high severity?).


  1. 1 ↩︎

  2. 2 ↩︎

  3. 3 ↩︎

  • Björn Tantau@swg-empire.de
    link
    fedilink
    arrow-up
    41
    ·
    8 months ago

    I do regular automated updates. For anything requiring human intervention like the xz thing I trust Lemmy and YouTube to keep me updated. No dedicated news source because if I were to freak out about every new vulnerability found I wouldn’t be able to sleep at night.

      • Björn Tantau@swg-empire.de
        link
        fedilink
        arrow-up
        3
        ·
        8 months ago

        If you had it on a computer that is accessible via SSH from the internet you should proceed under the assumption that it was compromised. Which means you should reinstall from a safe medium and change your keys and passwords.