[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian glibc security update


"Debian took two months to distribute a fix for a glibc buffer overflow
vulnerability. This week's glibc updates from Debian and Slackware
distribute a fix for the problem about two months after the first update
from Red Hat on December 14th."

I don't know what calendar the LWN editorial staff uses, but where I
live, the duration from December 14th to January 13th (the day the
Debian security advisory was released), more closely resembles one month
than two.  (I would agree that falling behind even Red Hat is pretty
damning in the public eye, though.)

Perhaps your point would be better taken if your arithmetic were more

In any event, if LWN would like to see things moving faster on this
front, Debian would be more than happy to see more
porters/build-daemon-log-auditors for the m68k and ARM architectures.
Good, well-connected hardware based on these processors would also be a
major help.  Perhaps LWN can help us to put out the call for these

Red Hat can buy whatever they want, and drop support for whatever they
don't.  Such choices are much more difficult for Debian.  For some
machine architectures the only major Linux distribution continuing to
provide software and support is Debian.

G. Branden Robinson                |
Debian GNU/Linux                   |              It tastes good.
branden@debian.org                 |              -- Bill Clinton
http://people.debian.org/~branden/ |

Attachment: pgpKtg8zRl6Wx.pgp
Description: PGP signature

Reply to: