[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security liabilities (Re: radiusd-freeradius history and future)

On Tue, Nov 11, 2003 at 07:44:01PM -0500, Matt Zimmerman wrote:

> This is exactly the kind of situation I don't want going forward...there is
> so much neglected software in Debian that bugs like these sometimes go
> unnoticed, or even if they are noticed, the maintainer doesn't care enough
> about stable to let anyone know about it.  Maintainers are our first line of
> defense against security problems, and usually the best informed about their
> status, and yet maintainers who actively participate in the security update
> process represent a minority (a valuable one).

While I also deplore the general lack of support package maintainers
provide to the Security Team, given that there are several DDs tracking
freeradius upstream (including, at last glance, at least one member of
the Security Team), I have a hard time believing this particular package
will be a problem.  Given that my own interest in this package comes
from a desire to reduce the number of packages I maintain locally,
ensuring the security of the Debian packages implicitly becomes part of
my day job. ;)

Steve Langasek
postmodern programmer

Attachment: pgprxV_JB50rO.pgp
Description: PGP signature

Reply to: