Re: Concerns about how the Security information is presented on Debian.org
Davide Prina <davide.prina@gmail.com>wrote:
> you must understand that who report a security problem can be a different person
The point is, to quote the paper:
"a vast majority of vulnerabilities and their corresponding security patches remain beyond public exposure"
Vulnerabilities are fixed in fresh versions of software. The versions in Stable stay vulnerable, even if all CVEs are reported to Debian (which I don't think is the case) and even if they are all fixed quickly (which is definitely not the case) It's a limitation of Debian's and RH's approach, compared to the rolling-release approach. This is one of the two things I mentioned that debian.org/security is not telling you.
> chromium has been removed from testing
That doesn't help people who trusted debian.org/security and are running it.
--
Sent with https://mailfence.com
Secure and private email
Reply to: