Re: DSA 438 - bad server time, bad kernel version or information delayed?
On Fri, Feb 20, 2004 at 01:40:23PM +0100, Simon Josefsson wrote:
Is it entirely impossible to have two security teams, or split the
current security team into two parts? One part that patches Debian
packages as soon as technically possible, and one part that follows
various CERT timing requirements? I can't see how CERT would
reasonable object to that model, as long as no information flow from
the CERT team to the non-CERT team, and it would allow the Debian
users to have access to fixes as soon as possible.
What on earth would the point of that be? If the reporting party doesn't
set a release timetable then fixes are simply released once they're