Re: Positive press for Debian's security team
On Wed, Apr 07, 2004 at 10:41:24AM +0200, Florian Weimer wrote:
> Matt Zimmerman wrote:
>
> > On Wed, Mar 31, 2004 at 09:22:38AM +0200, Florian Weimer wrote:
> >
> > > Chad Waters wrote:
> > >
> > > > Better metric: fix time from vendor's notification date
> > >
> > > The last DSA was released with a delay of 2.5 years...
> >
> > No idea what you are talking about.
>
> http://cert.uni-stuttgart.de/advisories/postgresql_pam_nss.php
> http://www.debian.org/security/2004/dsa-469
>
> The package wasn't part of potato, that's why the Security Team wasn't
> involved. Apparently, the maintainer failed to fix those bugs and the
> broken version (or a subsequent one) was released with woody.
You will grant, then, that this isn't quite the same thing as a "DSA [...]
released with a delay of 2.5 years [from vendor's notification date]".
--
- mdz
Reply to: