Re: [SECURITY] [DSA 195-1] New Apache-Perl packages fix several vulnerabilities

On Thu, Nov 14, 2002 at 02:23:30AM +0700, Jean Christophe ANDRÉ remarked:

> Raymond Wood wrote:
> > Respectfully, does anyone know when Sid will receive patches
> > for the previous Apache vulnerabilities that were fixed for
> > Potato and Woody, but not Sid? It's been days... Raymond

> Because Sid's aim is to allow you to test bugs... and enjoy
> viruses! <g> ;-)

That was not my question - read again if you must.

> Sid is work-in-progress and should not be installed on any
> server; so it is not aware of security issues. Sometimes the
> security team graciously fix some *important* security bugs to
> allow us to continue testing on our computer without too much
> trouble... But don't expect it for each one!

I am fully aware of the Security team's 'official policy'
regarding Sid and security updates.  I also think I, and
probably others, are getting weary of these same old tired
responses that quote policy, but do very little to help.

The relevant DSA in question itself stated something to the
effect 'a fix for Sid will appear soon'.  At this point I am
wondering how soon or how late:  I mean are we talking about
days or weeks at this point?  It makes no sense to leave Sid
vulnerable for any longer than necessary, for the fact is there
*are* desktop users who do use Sid, because it is cutting edge.
Are these people just to wait like sitting ducks until their
systems are compromised?  This would make no sense to me.

So my question stands.

