
Re: Proposal for removal of mICQ package



On Sat, Feb 15, 2003 at 07:54:11PM +0100, Florian Weimer wrote:
> If such things happen, how can you trust the Debian Project to
> deliver uncompromised software?

It was one isolated event. One version of one package in an archive of
<insert huge number here> over a duration of <insert age of Debian here>
years.

In this one isolated incident, the only result was one package broke
badly, it didn't result in the loss of any data.

Maintainers will now be more alert now it has happened once, and watch
out to avoid it happening again.

I think this is the best we can do, it is close to perfect, but not
quite perfect. It could happen again. Next time could even be worse.

(I think we need to keep things in perspective here).

If it matters this much to you or to your business that there be no
security holes, perhaps it would really be worthwhile employing people
to audit the code you use for potential security problems.
-- 
Brian May <bam@debian.org>


