On Mon, May 29, 2000 at 08:52:48PM +1000, Anand Kumria wrote: > > nice to know ... but WHERE is the security announcement mail? i > Exactly where it should be. Nowhere. Cool. > How would the same person know that security related fixes had been made to > Mandrake 7.1b3 (for example)? Do you see any distributions providing > security fixes for beta releases of their distribution? Other distributions don't release every 16 months. Other distributions don't have as many users running unreleased versions. Many production servers I know of are using Potato since March. Slashdot and Freshmeat, to put an unsignificant example. With these people using unreleased Debian distributions, I think security announcements for at least frozen is not that bad. And of course, we are not Mandrake (and we don't have a 7.1 version :) > If the security flaw exists in a released version of Debian then > we should be telling the world of our fix - otherwise they don't > need to know. Of course they do. -- Jordi Mallach Pérez || jordi@pusa.informat.uv.es || Rediscovering Freedom, ka Oskuro in RL-MUD || jordi@sindominio.net || Using Debian GNU/Linux http://sindominio.net GnuPG public information: pub 1024D/917A225E telnet pusa.uv.es 23 73ED 4244 FD43 5886 20AC 2644 2584 94BA 917A 225E
Attachment:
pgp63A3OS31Rm.pgp
Description: PGP signature