In article <[🔎] 877jn83h3j.fsf@deneb.enyo.de> you wrote: > IOW, the soaking period is required. But we don't hide Bugs. And given the voluntary nature of Debian a lot of fixes just wont happen before the velnerability is widely known, anyway. Just see the current samba problem. And besides the openssh disaster I dont see many destructive security patches, especially not with debians conservative backporting strategy. Greetings Bernd