[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The New Security Build Infrastructure

* Scott James Remnant (scott@netsplit.com) wrote:
> Most users who care about their machines getting hacked tend to read
> things like CERT and Bugtraq.
> Think "ISP" as an example user.

Right, and that's the first Debian would hear of it as well if we had a
policy to publicly announce exploits the instant we hear of one.  Under
the current policy we at least have an opportunity to hear about it
*before* the CERT advisory and have time to ready a package.  Otherwise
we find out at the same time everyone else does and don't get to start
working on a package until *after* the CERT advisory has gone out.

The CERT advisory is going to be released at the same time either way.
Debian can either have a package ready (thanks to advance notice), or
not.  I don't understand how you fail to comprehend that.


Attachment: pgpEPRUC9TOMJ.pgp
Description: PGP signature

Reply to: