
Re: The New Security Build Infrastructure



Florian Weimer wrote:

> Stephen Stafford <stephen@clothcat.demon.co.uk> writes:
> 
> >> By the way, handling security updates this way conflicts more and more
> >> with the Social Contract in its current form.
> >> 
> >
> > Didn't we already *have* this flamewar recently?
> 
> Well, that time, it was generally assumed that Debian won't take
> active measures to hide problems from its users.  This is no longer
> the case.
> 
I don't think we should hide problems.

If there's a potential exploit for a server, I want to know about it as
soon as the developers do so I can shut down that server until they come
up with a fixed version.

Just because there isn't a fixed version yet, does not mean that there
isn't a fairly knowledgeable hacker who's managed to exploit it.

My 2p, anyway.

Scott
-- 
Scott James Remnant     Have you ever, ever felt like this?  Had strange
http://netsplit.com/      things happen?  Are you going round the twist?
