Re: Bad press again...
[Martin F Krafft]
>> And prospective security team members should start working in the
>> testing security team. There are no need to keep secrets (all is done
>> in public),
>
> Which doesn't address the problem that embargoed bugs are possibly
> handled suboptimally in Debian.
>
> And it does not address the problem that our security infrastructure
> went down for a while and we found out about it from a German news
> magazine.
True, it does not address those problems, and we should try to address
them. But it does address other related problems, and we will be a
lot better of if all the _public_ security issues in debian were
solved, and having a proven security framework for testing and
unstable might make it easier to adjust the framework used for stable
to make it better. If all the public issues are solved, I believe it
is easier to address the handling of non-public ones.
In short, I see no downsides to helping out the testing security team
while we at the same time try to address the issues with stable
security work.
Reply to: