Bug#339837: http://www.debian.org/security/ seriously misleading about security infrastructure performance
Javier Fernández-Sanguino Peña a écrit :
I don't know what that data comes from, but I did produce some statistics a
I guess that whomever disagrees with the current claim should produce hard
evidence against it.
I'd like to be sure about which claim you refer to. The current claim is
the one that says that Debian *does* issue fixes for most problems under
48 hours, right? I'm asking since if I understand right the statistics
you produced do make the bug valid.
That looks interesting but also like a 404. I red your 2001 post and one
of the attachments is integrated in the text. I don't know how to view
it. I also don't know how to use the bin00000.bin attached. gunzip-ing
and trying a PNG viewer on it seemed to fail.
It is not that difficult to craft, just take the CVE
database, other vendor's advisories, Bugtraq and our list of DSAs, put it in
the same database and generate a report of "time to fix" in Debian for the
PS: Contact me through private e-mail if anybody wants some of the scripts I
used for the statistics above. BTW, some of the data is available at
http://people.debian.org/~jfs/debconf/security/data/, but not the scripts.