On Tue, 25 Apr 2006 00:31:45 +0200 Javier Fernández-Sanguino Peña wrote:
> On Sun, Apr 23, 2006 at 11:57:00AM +0200, Francesco Poli wrote:
> > I think that a page very similar to
> > http://spohr.debian.org/~joeyh/testing-security.html
> > would help making the public aware of how things are going on for
> > Debian stable, from a security point of view.
>
> The problem is, there is no such data. Some of the information handled
> by the stable security team is "private" (vulnerabilities are handled
> through vendor mailing lists before full disclosure).
>
> I have asked a public interface to the stable security team in the
> past to their data but it doesn't seem to be possible.
I think that this should be changed, as the SC states:
| 3. We will not hide problems
| We will keep our entire bug report database open for public view
| at all times. Reports that people file online will promptly
| become visible to others.
Even if the explanation talks about the BTS in particular, I think that
the spirit of SC#3 should apply to other areas too (e.g. problems that
are known to some DDs, but are not yet reported to the BTS).
--
:-( This Universe is buggy! Where's the Creator's BTS? ;-)
......................................................................
Francesco Poli GnuPG Key ID = DD6DFCF4
Key fingerprint = C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Attachment:
pgpk8qz8K2xkT.pgp
Description: PGP signature