Re: BoF: Supporting 15,000 packages - How much support do we mean?

To: debian-devel@lists.debian.org
Subject: Re: BoF: Supporting 15,000 packages - How much support do we mean?
From: Bernd Zeimetz <bernd@bzed.de>
Date: Thu, 31 May 2007 01:43:02 +0200
Message-id: <[🔎] 465E0C06.6070902@bzed.de>
In-reply-to: <[🔎] 20070530071559.GA19662@santiago.connexer.com>
References: <[🔎] 1180479098.4164.52.camel@deadeye.i.decadent.org.uk> <[🔎] 20070530024634.GO19665@borges.dodds.net> <[🔎] 20070530071559.GA19662@santiago.connexer.com>

> AFAIK, most security bugs are never reported to MITRE or Secunia or the
> like.  For most "smaller" projects, I would guess that that majority of
> security bugs are fixed in the normal course of development without any
> sort of special advisories, except perhaps in the changelog published by
> upstream.  


if it is mentioned at all. Chance is good that projects, which do not
actively announce security issues, won't mention them in the changelogs.
Some people really think that fixing security bugs silently is better
than the "bad" publicity from an announcement.

-- 
Bernd Zeimetz
<bernd@bzed.de>                         <http://bzed.de/>

Reply to:

References:
- BoF: Supporting 15,000 packages - How much support do we mean?
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: BoF: Supporting 15,000 packages - How much support do we mean?
  - From: Steve Langasek <vorlon@debian.org>
- Re: BoF: Supporting 15,000 packages - How much support do we mean?
  - From: Roberto C. Sánchez <roberto@connexer.com>

Prev by Date: Re: python, then C++, or C++ from the start?
Next by Date: Re: BoF: Supporting 15,000 packages - How much support do we mean?
Previous by thread: Re: BoF: Supporting 15,000 packages - How much support do we mean?
Next by thread: Re: BoF: Supporting 15,000 packages - How much support do we mean?
Index(es):
- Date
- Thread