[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Disappointment in security handling in Debian

On Wed, Jan 31, 2001 at 08:56:24AM +1100, Craig Small wrote:
> G'day,
>   I'm writing this to express my frustration at the slowness Debian
> seems to be afflicted with when it comes to letting people know about
> our security vulnerabilities and fixes.
> We seem to be able to find, fix and upload fixed packages quite
> quickly, however we are usually the last to let others know that they
> should upgrade to the new packages, making our users unnecessarily
> vulnerable.

I beg your pardon?  This isn't the general case at all.  Your example
is certainly accurate, but to my knowledge lprng is the only thing to
slip through the cracks that way in a year.  We're often behind with
fixes in general, but when we post a fix the advisory generally goes
out the same day!


/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan@debian.org         |  |       dmj+@andrew.cmu.edu      |
\--------------------------------/  \--------------------------------/

Reply to: