Re: Guidance for CVE triage and listing packages in dla-needed.txt

["Chris Lamb" <lamby@debian.org>]

Raphael Hertzog wrote:

> Those numbers are quite surprising. I hope there's some error somewhere
> otherwise I wonder what has been done in the 2400+ hours paid each year to
> work on LTS... I'm pretty sure we have fixed more than 58 CVE. The average
> month has 20 to 30 updates (see
> https://lists.debian.org/debian-lts-announce/2024/03/threads.html for
> example).

Mmm, I highly suspect some counting mishap here. A quick, dirty (and
likely inexact) grep across my last 12 LTS reports indicates I alone
have addressed over 40.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-