Re: Disappointment in security handling in Debian

To: debian-security@lists.debian.org
Subject: Re: Disappointment in security handling in Debian
From: Daniel Jacobowitz <dan@debian.org>
Date: Thu, 1 Feb 2001 01:01:39 -0500
Message-id: <20010201010139.A3720@drow.them.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20010131085624.A11355@eye-net.com.au>; from csmall@eye-net.com.au on Wed, Jan 31, 2001 at 08:56:24AM +1100
References: <20010131085624.A11355@eye-net.com.au>

On Wed, Jan 31, 2001 at 08:56:24AM +1100, Craig Small wrote:
> G'day,
>   I'm writing this to express my frustration at the slowness Debian
> seems to be afflicted with when it comes to letting people know about
> our security vulnerabilities and fixes.
> 
> We seem to be able to find, fix and upload fixed packages quite
> quickly, however we are usually the last to let others know that they
> should upgrade to the new packages, making our users unnecessarily
> vulnerable.

I beg your pardon?  This isn't the general case at all.  Your example
is certainly accurate, but to my knowledge lprng is the only thing to
slip through the cracks that way in a year.  We're often behind with
fixes in general, but when we post a fix the advisory generally goes
out the same day!

Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan@debian.org         |  |       dmj+@andrew.cmu.edu      |
\--------------------------------/  \--------------------------------/

Reply to:

Follow-Ups:
- Re: Disappointment in security handling in Debian
  - From: A.L.Meyers <a.l.meyers@consult-meyers.com>
- Re: Disappointment in security handling in Debian
  - From: Mathieu Dessus <mdessus@free.fr>

Next by Date: Re: portsentry dangerous? hardly; RTFM. (was Re: checking security logs)
Next by thread: Re: Disappointment in security handling in Debian
Index(es):
- Date
- Thread