Re: Positive press for Debian's security team

To: debian-security@lists.debian.org
Subject: Re: Positive press for Debian's security team
From: Matt Zimmerman <mdz@debian.org>
Date: Wed, 7 Apr 2004 09:34:25 -0700
Message-id: <[🔎] 20040407163425.GH11956@alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20040407084124.GA4717@deneb.enyo.de>
References: <3CE8E66CCD5A9E44A31436D8774C89E90225A906@nzlsm201.nz.eds.com> <20040330233206.GB16199@bittwiddlers.com> <20040331072238.GA2904@deneb.enyo.de> <[🔎] 20040406183918.GU799@alcor.net> <[🔎] 20040407084124.GA4717@deneb.enyo.de>

On Wed, Apr 07, 2004 at 10:41:24AM +0200, Florian Weimer wrote:

> Matt Zimmerman wrote:
> 
> > On Wed, Mar 31, 2004 at 09:22:38AM +0200, Florian Weimer wrote:
> > 
> > > Chad Waters wrote:
> > > 
> > > > Better metric: fix time from vendor's notification date
> > > 
> > > The last DSA was released with a delay of 2.5 years...
> > 
> > No idea what you are talking about.
> 
> http://cert.uni-stuttgart.de/advisories/postgresql_pam_nss.php
> http://www.debian.org/security/2004/dsa-469
> 
> The package wasn't part of potato, that's why the Security Team wasn't
> involved.  Apparently, the maintainer failed to fix those bugs and the
> broken version (or a subsequent one) was released with woody.

You will grant, then, that this isn't quite the same thing as a "DSA [...]
released with a delay of 2.5 years [from vendor's notification date]".

-- 
 - mdz

Reply to:

References:
- Re: Positive press for Debian's security team
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Positive press for Debian's security team
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: WinAntiSPAM Confirmation #RmCTfJEYOwNrloKInBMV
Next by Date: subscribe
Previous by thread: Re: Positive press for Debian's security team
Next by thread: Fwd: Re: [incidents] Exploit for TCP Wrappers 7.9
Index(es):
- Date
- Thread