Re: Sendmail vulnerability : is Debian falling behind?

[Arnd Hannemmann <arnd@wgill.de>]

Rich Puhek schrieb:

> Jeremy T. Bouse wrote:
>
> >     It's been discussed plenty on the Debian mailing lists as well
> > as having the package maintainer give an update on the status of the
> > packages that are being prepared/ready at this time... Might suggest
> > checking a bit further before making such a rash judgement on issues
> > arelady being dealt with...
> >
> >     RedHat and SuSe have commerical money to throw at it... Debian
> > is run by volunteers... As well RedHat and SuSe do not support nearly as
> > many platforms as Debian, so it sometimes takes a bit to get all the
> > packages compiled on all the platforms prior to making an annonouncement
> > so they are all available...
> >
> >     Jeremy
> >
> > On Mon, Mar 03, 2003 at 03:17:16PM -0600, Jor-el wrote:
>
> Woah... easy on Jor-el, everyone. He wasn't slamming Debian's schedule 
> on security updates so much as being concerned about whether Debian 
> was being given the same early notification of vulnerabilities as 
> RedHat, SuSe, and other vendors. As mentioned in another thread, 
> Debian didn't appear to be on the list of vendors notified by CERT 
> (see http://www.cert.org/advisories/CA-2003-07.html).
>
> -- Rich
Hmm , I don't think so. Debian WAS notified by CERT (see 
http://www.kb.cert.org/vuls/id/JPLA-5K6Q3L).

Cya Arnd