[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]



what do other developers think about localized lists for security
advisories, such as debian-security-announce-$lang@lists?

Currently, all DSAs are released via mail in english on
debian-security-announce@lists and copied to www.debian.org
afterwards, where they will be picked up by seven[1] fellow translators
who produce the text part in their native tongue.

This means that people who are interested in security, should
subscribe to the -announce list for immediate notification.  Those who
prefer an advisory in their native tongue will have to wait up to one
day to see the translation online.

Establishing localized -announce lists could impose an unacceptable
delay before the translated advisory gets posted to the localized
list.  This will probably be the case especially with long
advisories[2] or when translators are on their holidays or simply too
busy to maintain the translation properly[3] or if Debian releases a
couple of advisories on one day[4].

This could lead to a false assumtion that no vulnerabilities were
found and fixed, leaving a system  vulnerable longer than it would be
considered acceptable.

Given the above, what do you think about establishing localized
security-announce lists?  Please discuss this issue on debian-security
and not on debian-devel or debian-project to reach a larger audience.



1. Danish, French, German, Japanese, Portuguese, Spanish and Swedish
2. See DSA 134 as a very bad example (Murphy...) or DSA 148
3. No harm intended, this happens to some people all the time (e.g. myself)
4. *cough* DSA 149, 150, 151 and 152 were released at the same day

Unix is user friendly ...  It's just picky about its friends.

Please always Cc to me when replying to me on the lists.

Reply to: