[Opensim-users] Is there a security announcement page and / or e-mail announcement address that will tell me if I need to upgrade OpenSim because of a security issue?

[Justin Clark-Casey]

In the long term I think that this is a good idea, but at the moment I don't think that there is enough developer 
resource/interest yet to create a separate list or page.

OpenSim shouldn't be subject to classic C issues such as buffer overruns since it runs within a virtual machine 
(.NET/Mono) if that's what you're worried about.  Vulnerabilities in the VM would belong to these projects rather than 
OpenSim.  Of course, there's still the possibility of security issues within the OpenSim system itself (e.g. 
unauthorized deletion of prims).

I'm afraid that the solution for now for security issues is to watch these lists, perhaps external blogs and the commit 
messages/mailing list if you're really worried about internal OpenSim system issues.

On 03/01/12 02:05, Edmund Edgar wrote:
> When, like with OpenSim, I install software from source on a server I
> run, I like to make sure that if somebody finds a security hole that I
> need to take care of, I'm going to find out about it.
>
> I don't think there are a lot of recent issues I need to particularly
> worry about, but if something does show up, is there a way to be sure
> I'll know about it, apart from reading this list diligently? Something
> like:
> 1) A low-traffic announcements e-mail list that I can subscribe to.
> 2) A page that I can check periodically where I know I'll be able to
> find information about security issues, if there are any.
>
> This is how Drupal does it: A newsletter that will send me stuff, and
> a page I can check periodically in case I've missed something. (They
> also have RSS feeds.)
> http://drupal.org/security
>
> If not, could we have one?
>


-- 
Justin Clark-Casey (justincc)
http://justincc.org/blog
http://twitter.com/justincc