
Re: Debian security being trashed in Linux Today comments

On Tue, 2002-01-15 at 01:05, Tim Haynes wrote:
> Adam Warner <lists@consulting.net.nz> writes:
> > http://www.linuxtoday.com/news_story.php3?ltsn=2002-01-14-002-20-SC-DB
> >
> > Someone with better knowledge of all the facts might want to comment on
> > the claim that "Debian is always the last to fix security holes" and the
> > tag team follow up "I've been fighting for months now to try to convince
> > them to release an advisory or fix for ftpd..."
> Some of us wouldn't dare say such things without at least reviewing the
> given distro's security policy, FAQ and history.
> <http://www.debian.org/security/> is over there ---> .

I'm aware that Debian manages to get advisories out extremely
quickly--in some cases before any other distribution. But I'm not aware
of the history of the second poster's claims.

I did recently note that the latest exim advisory was released on 4
January but the fix for uncontrolled program execution was posted by
Philip Hazel on 19 December. That's no 48 hours. And the patch was even
provided in the post [in this case I suspect the post by Philip Hazel
was missed].

But I was really impressed that updates for unstable/testing were
released at the same time. For those of us that use/test the bleeding
edge on our systems it's a great reassurance to see the security team
giving consideration to the security of testing/unstable.

