Re: qpopper [was: what's up with security?]

To: Othmar Pasteka <pasteka@kabsi.at>
Cc: debian-devel@lists.debian.org, security@debian.org
Subject: Re: qpopper [was: what's up with security?]
From: Anand Kumria <wildfire@progsoc.uts.edu.au>
Date: Mon, 29 May 2000 20:52:48 +1000
Message-id: <[🔎] 20000529205248.F4136@ftoomsh.progsoc.uts.edu.au>
Reply-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20000528040353.B25356@kabsi.at>; from pasteka@kabsi.at on Sun, May 28, 2000 at 04:03:53AM +0200
References: <[🔎] 20000524232724.A5157@kitenet.net> <[🔎] 20000525092000.A7783@atrey.karlin.mff.cuni.cz> <[🔎] 20000525111338.C26806@cistron.nl> <[🔎] 20000525012617.U383@plato.local.lan> <[🔎] 20000525134141.B29441@cistron.nl> <[🔎] 20000525035128.B29071@plato.local.lan> <[🔎] 20000525145535.A30242@cistron.nl> <[🔎] 20000528040353.B25356@kabsi.at>

On Sun, May 28, 2000 at 04:03:53AM +0200, Othmar Pasteka wrote:
> hi,
> 
> On Thu, May 25, 2000 at 02:55:36PM +0200, Miquel van Smoorenburg wrote:
> > > sigh, i should really archive more mail myself  (old habit from disk
> > > impaired days)   i don't have an exact pointer, however the message
> > > was sent yesterday (5-24) so its possible its not in the bugtraq
> > > archives.  the maintainers of qpopper posted a message saying
> > > essentially `upgrade to 3.0, 2.53 is buggy' 
> > Right. I'll upload the fixed version in a few minutes.
> 
> nice to know ... but WHERE is the security announcement mail? i

Exactly where it should be. Nowhere.

> don't see any, and this is bad. how should someone (a guy using debian
> and qpopper) reading bugtraq know that 2.53-debian is fixed, when there 

How would the same person know that security related fixes had been made to
Mandrake 7.1b3 (for example)? Do you see any distributions providing
security fixes for beta releases of their distribution?

> is no annoucement but silently discussed on some -devel mailinglist and 
> installed into the archive??

As it should be. unstable == alpha; frozen == beta. Neither have been
released.

If the security flaw exists in a released version of Debian then
we should be telling the world of our fix - otherwise they don't
need to know.

Anand

Reply to:

Follow-Ups:
- Re: qpopper [was: what's up with security?]
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: qpopper [was: what's up with security?]
  - From: Jordi Mallach <jordi@sindominio.net>
- Re: qpopper [was: what's up with security?]
  - From: Daniel Jacobowitz <dan@debian.org>

References:
- what's up with security?
  - From: Joey Hess <joeyh@debian.org>
- Re: what's up with security?
  - From: Petr Cech <cech@atrey.karlin.mff.cuni.cz>
- Re: what's up with security?
  - From: Miquel van Smoorenburg <miquels@cistron.nl>
- Re: what's up with security?
  - From: Ethan Benson <erbenson@alaska.net>
- Re: what's up with security?
  - From: Miquel van Smoorenburg <miquels@cistron.nl>
- Re: what's up with security?
  - From: Ethan Benson <erbenson@alaska.net>
- Re: qpopper [was: what's up with security?]
  - From: Miquel van Smoorenburg <miquels@cistron.nl>
- Re: qpopper [was: what's up with security?]
  - From: Othmar Pasteka <pasteka@kabsi.at>

Prev by Date: STOP THIS (was: to reiterate, why are there no security updates on the front page? (Or, 17 security holes the security team hasn't told you about))
Next by Date: Re: qpopper [was: what's up with security?]
Previous by thread: Re: qpopper [was: what's up with security?]
Next by thread: Re: qpopper [was: what's up with security?]
Index(es):
- Date
- Thread