[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposal/suggestion for security team w.r.t. published vulerabilities

On Wednesday 07 July 2004 18.28, Matt Zimmerman wrote:
> On Wed, Jul 07, 2004 at 01:17:01PM +0200, Jeroen van Wolffelaar wrote:
> > On Wed, Jul 07, 2004 at 02:49:54AM +0200, Javier Fern?ndez-Sanguino 
Pe?a wrote:

> > > Why does the security team have to do this? Anybody can do it.
> > Not without spending lots of time crawling through security lists,
> > CAN/CVE's, bugtraq, verifying whether debian has the offending
> > version, etc.
> How do you think the security team does it?  We do not have a magic
> filter which shows us only issues which affect Debian stable; this is
> all done by hand.

I think Jeroen is thinking about security problems the security team 
already knows about but has not yet had time to handle (and which have 
already been made public somewhere else.) Stupid if somebody has to 
search the sources *again* if the security team already has the 

-- vbi

featured product: SpamAssassin - http://spamassassin.org

Attachment: pgpurgTfFXIJT.pgp
Description: signature

Reply to: