Re: DSA 438 - bad server time, bad kernel version or information delayed?
Otavio Salvador wrote:
> Florian Weimer <fw@deneb.enyo.de> writes:
>
> > Jan Lühr wrote:
> >
> >> Does this mean, that a well known exploit was kept back for nearly three
> >> weeks, just because some odd vendors were unable to build there kernels in
> >> time?
> >
> > Yes, this is the norm. Debian hides security bugs from its users for
> > extended periods of time.
>
> Yes but this have a reason.
There are several justifications and explanations, yes.
> Before upload a fix this need be available in all supported archs
Fortunately, you are wrong. Kernel security updates are no longer
synchronized among architectures.
Reply to: