Re: Is Debian affected by the recent MySQL sql/password.c flow?
On 06/12/2012 10:25 AM, Aron Xu wrote:
> I'm not expecting to hide anything, but it's harmful to announce the
> world by a discussion in debian-devel that we are affected with no
> solution provided, at the time related people (means the maintainers
> and Security Team, not including the user - like you) haven't said a
> word about it.
If Debian was affected (which it seems it is not), you wouldn't be able
to keep that secret for more than few minutes. You can be 100% sure
that a bunch of hackers would already be playing with your MySQL
server. And this, even before you hear about this.
If such a disaster happens, then it's better to know asap, so critical
servers can be patched asap too (even before Debian releases or
announces anything). The harm would be to believe not posting in
debian-devel is changing anything.
I agree I should have posted in email@example.com though.
p.s: Anyway, it seems we're safe this time, even in SID! :)