* Scott James Remnant (scott@netsplit.com) wrote:
> Most users who care about their machines getting hacked tend to read
> things like CERT and Bugtraq.
>
> Think "ISP" as an example user.

Right, and that's the first Debian would hear of it as well if we had a policy to publicly announce exploits the instant we hear of one. Under the current policy we at least have an opportunity to hear about it *before* the CERT advisory and have time to ready a package. Otherwise we find out at the same time everyone else does and don't get to start working on a package until *after* the CERT advisory has gone out.

The CERT advisory is going to be released at the same time either way. Debian can either have a package ready (thanks to advance notice), or not. I don't understand how you fail to comprehend that.

Stephen