On Fri, Feb 20, 2004 at 01:40:23PM +0100, Simon Josefsson wrote:
Is it entirely impossible to have two security teams, or split the current security team into two parts? One part that patches Debian packages as soon as technically possible, and one part that follows various CERT timing requirements? I can't see how CERT would reasonable object to that model, as long as no information flow from the CERT team to the non-CERT team, and it would allow the Debian users to have access to fixes as soon as possible.
What on earth would the point of that be? If the reporting party doesn't set a release timetable then fixes are simply released once they'reready.
Mike Stone