On Thu, 2014-10-16 at 10:55 +1100, Brian May wrote: > What about security updates? Should Debian be releasing wheezy > security updates for browsers, web servers, etc, that disable SSLv3 > by default now that SSLv3 is considered insecure? I'd guess that as soon as the respective vendor issues an update, the security team from Debian will as usual be amongst the fastest to deploy it :-) My thread/bug though was more about how to deal with upstreams which typically react too slow (well at least in my opinion :) ), and how to keep track and deal with those, for which it's unknown whether upstream takes an eye on crypto developments at all (e.g. the small libraries and Perl/Python/etc. modules coming to my mind). Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature