Thoughts about information policy
Dear Debian Security Team,
I'd like to put under your consideration current Debian information policy.
What has pushed me to write this message is the fact, that I got to know about outdated version of chromium package in Debian on Reddit- one might say- accidentaly.
This situation has put me into deep concern- I don't want to constantly think about my PC. I want to perform regular updates and that's it. Am I obligued to follow web forums?
Reddit users adviced me to follow Debian Security Tracker and subscribe to security-announce mailing list. Former lists vulnerabilities not only for chromium but also for linux kernel, firefox-esr etc.- I don't know where is the point when I shouldn't use certain package at all. Latter solution seems unimportant to me- messages inform about found vulnerabilities and advice to perform an update. For me it's enough to perform apt update && apt upgrade commands daily.
Security-announce mailing list would have more sense to me if it contained warnings about not using certain package at all- warning on chromium wiki site is certainly insufficient. Then it should be highly recommended to subscribe to such a list immediately after install.
Another, maybe even better option- creating a newsletter- something like Ubuntu's Weekly Newsletter or Fedora Magazine.
Looking forward to hearing from you.
Regards,
Paweł Starzyński
--
Wiadomość wysłana za pomocą serwisu Tutanota, oferującego bezpieczną i wolną od reklam usługę e-mail:
https://tutanota.com
Reply to: