this post was submitted on 03 Mar 2025
56 points (98.3% liked)

Selfhosted

43307 readers
349 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
56
How do you keep track of vulnerabilities? (lemmy.world)
submitted 3 days ago by [email protected] to c/[email protected]
38 comments fedilink hide all child comments
 

I'm having trouble staying on top of updates for my self hosted applications and infrastructure. Not everything has auto updates baked in and some things you may not want to auto update. How do y'all handle this? How do you keep track of vulnerabilities? Are there e.g. feeds for specific applications I can subscribe to via RSS or email?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 15 points 3 days ago (1 children)

I don't.

Yeah, hot take, but basically there's no point to me having to keep track of all that stuff and excessively worry about the dangers of modernity and sacrifice the spare time I have on watching update counter go brrrr of all things, when there's entire peoples and agencies in charge of it.

I just run unattended-upgrades (on Debian), pin container image tags to only the major version number where available, run rebuild of containers twice a week, and go enjoy the data and media I built the containers and installed for software for.

[–] 9488fcea02a9 4 points 3 days ago* (last edited 3 days ago) (1 children)

I think the problem is that a lot of people are just running flatpaks, dockers, and third party repos which might not be getting timely updates.

I try to stick to debian packages for everything as much as possible for this reason.

[–] [email protected] 2 points 2 days ago

Regarding things like dockers and flatpaks, I mostly "solve" it by only running official images, or at least images from the same dev as the program, where possible.

But also IMO there's little to no reason to fear when using things like flatpaks. Most exploits one hears of nowadays are of the kind "your attacker needs to get a shell into your machine in the first place" or in some cases evn "your attacker needs to connect to an instance of a specific program you are running, with a specific config", so if you apply any decent opsec that's already a v high barrier of entry.

And speaking of Debian, that does bring to mind the one beef I have with their packaging system: that when installing a package it starts the related services by default, without even giving you time to configure them.