On Tue, Nov 11, 2003 at 07:44:01PM -0500, Matt Zimmerman wrote: > This is exactly the kind of situation I don't want going forward...there is > so much neglected software in Debian that bugs like these sometimes go > unnoticed, or even if they are noticed, the maintainer doesn't care enough > about stable to let anyone know about it. Maintainers are our first line of > defense against security problems, and usually the best informed about their > status, and yet maintainers who actively participate in the security update > process represent a minority (a valuable one). While I also deplore the general lack of support package maintainers provide to the Security Team, given that there are several DDs tracking freeradius upstream (including, at last glance, at least one member of the Security Team), I have a hard time believing this particular package will be a problem. Given that my own interest in this package comes from a desire to reduce the number of packages I maintain locally, ensuring the security of the Debian packages implicitly becomes part of my day job. ;) -- Steve Langasek postmodern programmer
Attachment:
pgprxV_JB50rO.pgp
Description: PGP signature