Re: Bug#496386: The possibility of attack with the help of symlinks in some Debian packages
Charles Plessy wrote:
> Le Mon, Aug 25, 2008 at 07:16:00AM +0200, Christian Perrier a écrit :
>>
>> - timing wrt the release
>> - timing wrt the "half of the developers are VAC" status we generally
>> have in August
>> - the obvious lack of preparation
>
> In addition, security issues should better be reported upstream first so
> that all the distributions have a chance of providing corrected versions
> when the details are made public…
doesn't apply for maintainer scripts, but I agree they should *also* be
reported to upstream.
>
> Have a nice day,
>
Cheers,
Raphael
Reply to: