http://lwn.net/2002/0117/security.php3 "Debian took two months to distribute a fix for a glibc buffer overflow vulnerability. This week's glibc updates from Debian and Slackware distribute a fix for the problem about two months after the first update from Red Hat on December 14th." I don't know what calendar the LWN editorial staff uses, but where I live, the duration from December 14th to January 13th (the day the Debian security advisory was released), more closely resembles one month than two. (I would agree that falling behind even Red Hat is pretty damning in the public eye, though.) Perhaps your point would be better taken if your arithmetic were more accurate? In any event, if LWN would like to see things moving faster on this front, Debian would be more than happy to see more porters/build-daemon-log-auditors for the m68k and ARM architectures. Good, well-connected hardware based on these processors would also be a major help. Perhaps LWN can help us to put out the call for these resources. Red Hat can buy whatever they want, and drop support for whatever they don't. Such choices are much more difficult for Debian. For some machine architectures the only major Linux distribution continuing to provide software and support is Debian. -- G. Branden Robinson | Debian GNU/Linux | It tastes good. branden@debian.org | -- Bill Clinton http://people.debian.org/~branden/ |
Attachment:
pgp03F5oIeQqy.pgp
Description: PGP signature