Security Notices


#1

Chefs,

I’ve read the docs at https://www.chef.io/security/

Is there a related mailing list which we can subscribe to receive
these security and other critical notices from chef and other trusted
sources.

If there isn’t should there be a Security mailing list?

How do others track/patch the vulnerabilities with associated chef dependencies?


Kind Regards
Damien

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender. This message contains confidential information and is
intended only for the individual named. If you are not the named
addressee you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system. If you
are not the intended recipient you are notified that disclosing,
copying, distributing or taking any action in reliance on the contents
of this information is strictly prohibited.


#2

Damien,

Any security-related announcements from Chef Software will be posted on
this mailing list and tagged with “security” on the Chef blog:
https://www.chef.io/blog/tag/security/

I don’t have an opinion as to whether or not there should be a separate
mailing list for security-related matters.

As far as patching Chef client vulnerabilities on nodes goes, I think many
people use the omnibus-updater cookbook:

This mailing list would be the right place to have any further discussion
about things we can do to improve how this all works. Hope that helps.

On Tue, Aug 11, 2015 at 8:32 AM, Damien Roche dcroche@gmail.com wrote:

Chefs,

I’ve read the docs at https://www.chef.io/security/

Is there a related mailing list which we can subscribe to receive
these security and other critical notices from chef and other trusted
sources.

If there isn’t should there be a Security mailing list?

How do others track/patch the vulnerabilities with associated chef
dependencies?


Kind Regards
Damien

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender. This message contains confidential information and is
intended only for the individual named. If you are not the named
addressee you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system. If you
are not the intended recipient you are notified that disclosing,
copying, distributing or taking any action in reliance on the contents
of this information is strictly prohibited.


Nathan L Smith
smith@chef.io


#3

Thanks for the feedback Nathan.

Much appreciated.