Security vulnerability management

Hi Purism!

Does Purism do vulnerability management for the PureOS operating system? I mean security analysis, CVSS assignment and publishing advisories to users. Something like Debian does: https://www.debian.org/security/

I didn’t find this on the Purism web pages.
Maybe Purism has plans for doing this in the future?

Thank you and regards,
Karol

2 Likes

If the question is how does PureOS do CVE management, the answer is that we specifically have designed PureOS with a small delta from Debian so that we can participate in and manage a CVE reporting process relevant to our code base. We essentially inherit Debian’s process for all our packages since they come from upstream with a few exceptions. PureOS is a rolling release so it updates automatically from Debian’s process. We are planning a stable release with a separate security management process and release cadence.

5 Likes

This is great news about stable release. Thank you @jeremiah

1 Like

Hi All, @jeremiah

Are plans for a stable release with a security management process already established for PureOS?

I am still interested in this. Great trusted Purism hardware needs trusted software on it.
Best,

As I read it, that’s how he (Jeremiah) meant it above! If Debian has it then PureOS has it as well …

For PureOS-10-Byzantium there are updates coming in almost daily … but not only security-related ones …

Hello @reC, I would rather follow the last sentence from Aug’19:

Without its own explicit security management process established in PureOS, the operating system is unusable from a contemporary security point of view.