[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSA 438 - bad server time, bad kernel version or information delayed?

Florian Weimer <fw@deneb.enyo.de> writes:

> Otavio Salvador wrote:
>
>> If we provide an i386 image to fix a vulnerability and the same is
>> found in other arch, then, someone can try to explore this. We need
>> release all affected at same time to solve this.
>
> But Debian doesn't do this any longer.  Do you really think Red Hat,
> SuSE and all the others (including the majority of Debian users on x86)
> should wait because Debian can't backport a security fix to, say, kernel
> 2.4.18 on the s390 architecture?

If the time between is small, IMHO, yes. Of course, on major archs
(i386, powerpc, I think) this should be release at same time.

-- 
        O T A V I O    S A L V A D O R
---------------------------------------------
 E-mail: otavio@debian.org      UIN: 5906116
 GNU/Linux User: 239058     GPG ID: 49A5F855
 Home Page: http://www.freedom.ind.br/otavio
---------------------------------------------
Reply to: