[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

debian-security-announce-$lang@lists?



Hi,

what do other developers think about localized lists for security
advisories, such as debian-security-announce-$lang@lists?

Currently, all DSAs are released via mail in english on
debian-security-announce@lists and copied to www.debian.org
afterwards, where they will be picked up by seven[1] fellow translators
who produce the text part in their native tongue.

This means that people who are interested in security, should
subscribe to the -announce list for immediate notification.  Those who
prefer an advisory in their native tongue will have to wait up to one
day to see the translation online.

Establishing localized -announce lists could impose an unacceptable
delay before the translated advisory gets posted to the localized
list.  This will probably be the case especially with long
advisories[2] or when translators are on their holidays or simply too
busy to maintain the translation properly[3] or if Debian releases a
couple of advisories on one day[4].

This could lead to a false assumtion that no vulnerabilities were
found and fixed, leaving a system  vulnerable longer than it would be
considered acceptable.

Given the above, what do you think about establishing localized
security-announce lists?  Please discuss this issue on debian-security
and not on debian-devel or debian-project to reach a larger audience.

Regards,

	Joey

1. Danish, French, German, Japanese, Portuguese, Spanish and Swedish
2. See DSA 134 as a very bad example (Murphy...) or DSA 148
3. No harm intended, this happens to some people all the time (e.g. myself)
4. *cough* DSA 149, 150, 151 and 152 were released at the same day

-- 
Unix is user friendly ...  It's just picky about its friends.

Please always Cc to me when replying to me on the lists.



Reply to: