Re: Disappointment in security handling in Debian
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 01 February 2001 07:01, Daniel Jacobowitz wrote:
> On Wed, Jan 31, 2001 at 08:56:24AM +1100, Craig Small wrote:
> > G'day,
> > I'm writing this to express my frustration at the slowness Debian
> > seems to be afflicted with when it comes to letting people know about
> > our security vulnerabilities and fixes.
> >
> > We seem to be able to find, fix and upload fixed packages quite
> > quickly, however we are usually the last to let others know that they
> > should upgrade to the new packages, making our users unnecessarily
> > vulnerable.
>
> I beg your pardon? This isn't the general case at all. Your example
> is certainly accurate, but to my knowledge lprng is the only thing to
> slip through the cracks that way in a year. We're often behind with
> fixes in general, but when we post a fix the advisory generally goes
> out the same day!
>
> Dan
>
> /--------------------------------\ /--------------------------------\
>
> | Daniel Jacobowitz |__| SCS Class of 2002 |
> | Debian GNU/Linux Developer __ Carnegie Mellon University |
> | dan@debian.org | | dmj+@andrew.cmu.edu |
>
> \--------------------------------/ \--------------------------------/
Dear GNU/Debianites,
"errare humanum est"
Even the best are not perfect.
But security tracking is one of the areas where open source shines the most.
Proprietary closed source systems can't even come remotely close to the
security auditing and security improvement controls implemented by open
source = open scrutiny.
With the security vulnerabilites of the internet, my hope is that there will
soon be a paradigm shift to: "secure by default".
Greetings,
Lucien
--
This message may contain confidential data intended only for the rightful
addressee. Should you receive it by error, please delete it at once and
inform the sender. We encourage the use of encrypted e-mail.
Please visit our web site: http://www.consult-meyers.com
Reply to: