Security Portal: Writing Security Advisories – The Good, the Bad and the Ugly

“I’ve been writing security digests now for several months, for
Linux and BSD. This means I read pretty much every single vendor
issued security advisory, along with advisories for software
packages on Bugtraq and other mailing lists/websites/etc. I am
happy to say that most Linux distributions and vendors are doing a
pretty good job on their security advisories, but not all are
perfect. A security advisory is a complex thing to write

PGP/GnuPG keys: would it be too hard to have them signed
properly and posted in an easy to find location on the Web? Caldera
is especially guilty in this respect. I could not find their
PGP key on their website, and when I searched the keyservers I
found several, but since their keys are not signed by any other
keys (self signed, absolutely useless) they are of questionable
value. Shame on Caldera. Vendors should get together and at least
sign each other's keys, and maybe get luminaries such as Linus
Torvalds or Werner Koch (author of GnuPG) to sign their keys.”
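The check the author applies by hand to the Caldera keys (does anything other than the key itself certify it?) can be automated. The following is an added example, not code from the original article or from any vendor: it parses the colon-delimited output of `gpg --with-colons --list-sigs`, counts certifications that are not self-signatures, and reports which keys are certified by signers you have already verified out of band (other vendors, a well-known GnuPG developer, and so on). The sample listing, the key IDs and the vendor names are constructed for this example and do not describe any real key.

```python
"""Flag PGP keys whose only certifications are self-signatures.

Input is the machine-readable output of

    gpg --with-colons --list-sigs <keyid>

(record layout as documented in GnuPG's doc/DETAILS: field 1 is the record
type, field 5 the key ID of the key or, on "sig" records, of the signer,
field 10 the user ID).  Only "pub", "uid" and "sig" records are used;
subkey binding signatures are always self-signatures and fall out naturally.

SAMPLE_LIST_SIGS is CONSTRUCTED for this example.  Key IDs and vendor
names are fictitious placeholders, not real keys.
"""
from dataclasses import dataclass, field

# Constructed sample: vendor A's key carries only its own self-signature;
# vendor B's key is certified by vendor A and by a key we do not have.
SAMPLE_LIST_SIGS = """\
pub:-:1024:17:0123456789ABCDEF:2000-01-01:::-:::scESC:
uid:-::::2000-01-01::HASH1::Example Vendor A Security <security@vendor-a.example>::::::::::0:
sig:::17:0123456789ABCDEF:2000-01-01::::Example Vendor A Security <security@vendor-a.example>:13x::
pub:-:1024:17:FEDCBA9876543210:2000-02-01:::-:::scESC:
uid:-::::2000-02-01::HASH2::Example Vendor B Security <security@vendor-b.example>::::::::::0:
sig:::17:FEDCBA9876543210:2000-02-01::::Example Vendor B Security <security@vendor-b.example>:13x::
sig:::17:0123456789ABCDEF:2000-03-01::::Example Vendor A Security <security@vendor-a.example>:10x::
sig:::17:1111111111111111:2000-03-02::::[User ID not found]:10x::
"""


@dataclass
class KeySigs:
    keyid: str
    uid: str = ""
    self_sigs: int = 0
    # Key IDs of every signer other than the key itself.  A signer here is
    # not yet trusted: "[User ID not found]" entries are signatures by keys
    # we have never seen and prove nothing until fetched and verified.
    third_party: set = field(default_factory=set)


def parse_list_sigs(text: str) -> list:
    """Group sig records under the pub record they belong to."""
    keys, cur = [], None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            cur = KeySigs(keyid=f[4])
            keys.append(cur)
        elif f[0] == "uid" and cur is not None and not cur.uid:
            cur.uid = f[9]          # first user ID, for reporting only
        elif f[0] == "sig" and cur is not None:
            signer = f[4]
            if signer == cur.keyid:
                cur.self_sigs += 1  # self-signature: asserts nothing externally
            else:
                cur.third_party.add(signer)
    return keys


def self_signed_only(keys: list) -> list:
    """Key IDs that carry no certification except their own."""
    return [k.keyid for k in keys if not k.third_party]


def certified_by(keys: list, trusted_signers: set) -> dict:
    """For each key, the trusted signers (verified out of band) that certify it.

    A key whose list is empty may still have third-party signatures, but
    none from a key we already trust, so it is no better than self-signed
    for our purposes.
    """
    return {k.keyid: sorted(k.third_party & trusted_signers) for k in keys}


if __name__ == "__main__":
    parsed = parse_list_sigs(SAMPLE_LIST_SIGS)
    # Assumption for the demo: we have verified vendor A's key fingerprint
    # out of band (e.g. printed in their documentation), so we trust it.
    trusted = {"0123456789ABCDEF"}
    for k in parsed:
        print(f"{k.keyid}  {k.uid}")
        print(f"  self-sigs: {k.self_sigs}  third-party signers: {sorted(k.third_party)}")
    print("self-signed only:", self_signed_only(parsed))
    print("certified by a trusted signer:", certified_by(parsed, trusted))
```

Run it against real output by replacing the constructed sample with `gpg --with-colons --list-sigs KEYID` piped into the script; the key that would be accepted is one whose `certified_by` entry is non-empty, which is exactly the cross-signing the author asks vendors to do.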
