[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: qpopper [was: what's up with security?]

On Mon, May 29, 2000 at 08:52:48PM +1000, Anand Kumria wrote:
> > nice to know ... but WHERE is the security announcement mail? i
> Exactly where it should be. Nowhere.


> How would the same person know that security related fixes had been made to
> Mandrake 7.1b3 (for example)? Do you see any distributions providing
> security fixes for beta releases of their distribution?

Other distributions don't release every 16 months.
Other distributions don't have as many users running unreleased versions.
Many production servers I know of are using Potato since March. Slashdot and
Freshmeat, to put an unsignificant example.

With these people using unreleased Debian distributions, I think security
announcements for at least frozen is not that bad. And of course, we are not
Mandrake (and we don't have a 7.1 version :)

> If the security flaw exists in a released version of Debian then
> we should be telling the world of our fix - otherwise they don't
> need to know.

Of course they do.

Jordi Mallach Pérez || jordi@pusa.informat.uv.es || Rediscovering Freedom,
ka Oskuro in RL-MUD || jordi@sindominio.net      || Using Debian GNU/Linux

http://sindominio.net  GnuPG public information:      pub  1024D/917A225E 
telnet pusa.uv.es 23   73ED 4244 FD43 5886 20AC  2644 2584 94BA 917A 225E

Attachment: pgpyM7AA7nIt6.pgp
Description: PGP signature

Reply to: