Re: Bad press related to (missing) Debian security

To: martin f krafft <madduck@debian.org>
Cc: debian-security@lists.debian.org
Subject: Re: Bad press related to (missing) Debian security
From: Adam Majer <adamm@zombino.com>
Date: Tue, 28 Jun 2005 14:30:57 -0500
Message-id: <[🔎] 42C1A571.8070105@zombino.com>
In-reply-to: <[🔎] 20050628101626.GA26574@cirrus.madduck.net>
References: <[🔎] 1119878719.42bffe3fdf2ba@webmail.in-berlin.de> <[🔎] 20050627182637.GN9833@alcor.net> <[🔎] Pine.LNX.4.62.0506272033390.7162@orion> <[🔎] 200506272105.27880.aragorn@tiscali.nl> <[🔎] Pine.LNX.4.62.0506280839450.11385@orion> <[🔎] 20050628070038.GB10397@cirrus.madduck.net> <[🔎] Pine.LNX.4.62.0506281027130.12089@orion> <[🔎] 20050628090416.GA8021@hezmatt.org> <[🔎] Pine.LNX.4.62.0506281132400.12612@orion> <[🔎] 20050628101626.GA26574@cirrus.madduck.net>

martin f krafft wrote:

>It surprised everyone, even though it was not a real surprise -- if
>that makes sense. The security team has been a major weakness of
>Debian for a while. It was only a question of time until it all came
>down on Joey.
>
>Anyway, if you like Debian, then you should keep using it. The
>current situation is unacceptable, and we are all aware of this. But
>the good news is that a lot of people are working on it, and after
>the stereotypical blow in the face, we'll have something to learn to
>prevent such problems in the future.
>
>So bear with us for just a little while more, consider disabling the
>affected services for now, or roll your own security updates until
>we caught up.
>  
>

I think this is a much better reply than telling people to
    * use other distributions (Suse, RHEL, Fedora, Ubuntu, whatever),
    * use sid, or
    * roll your own security

I've been using Debian since Slink and I think this is one of the very
few times Debian was cought with its security pants down. I don't think
I am affected yet, with exception of spamassassin so let's hope Debian
can catch up before the next remote hole in squid, apache2 or racoon.

- Adam

Reply to:

References:
- Bad press related to (missing) Debian security
  - From: "W. Borgert" <debacle@debian.org>
- Re: Bad press related to (missing) Debian security
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Bad press related to (missing) Debian security
  - From: Marek Olejniczak <marek@olmar.poznan.pl>
- Re: Bad press related to (missing) Debian security
  - From: Frans Pop <aragorn@tiscali.nl>
- Re: Bad press related to (missing) Debian security
  - From: Marek Olejniczak <marek@olmar.poznan.pl>
- Re: Bad press related to (missing) Debian security
  - From: martin f krafft <madduck@debian.org>
- Re: Bad press related to (missing) Debian security
  - From: Marek Olejniczak <marek@olmar.poznan.pl>
- Re: Bad press related to (missing) Debian security
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: Bad press related to (missing) Debian security
  - From: Marek Olejniczak <marek@olmar.poznan.pl>
- Re: Bad press related to (missing) Debian security
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Re: handling private keys
Next by Date: Re: Bad press related to (missing) Debian security
Previous by thread: Re: Bad press related to (missing) Debian security
Next by thread: How to help the security team (was Re: Bad press related to (missing) Debian security)
Index(es):
- Date
- Thread