
Re: Bad press again...



[Martin F Krafft]
>> And prospective security team members should start working in the
>> testing security team.  There is no need to keep secrets (all is done
>> in public),
>
> Which doesn't address the problem that embargoed bugs are possibly
> handled suboptimally in Debian.
>
> And it does not address the problem that our security infrastructure
> went down for a while and we found out about it from a German news
> magazine.

True, it does not address those problems, and we should try to address
them.  But it does address other related problems, and we will be a
lot better off if all the _public_ security issues in Debian were
solved, and having a proven security framework for testing and
unstable might make it easier to adjust the framework used for stable
to make it better.  If all the public issues are solved, I believe it
is easier to address the handling of non-public ones.

In short, I see no downsides to helping out the testing security team
while we at the same time try to address the issues with stable
security work.


