Re: Bad press related to (missing) Debian security

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Michael Stone <mstone@debian.org>, debian-security@lists.debian.org
Subject: Re: Bad press related to (missing) Debian security
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 28 Jun 2005 12:40:16 +0200
Message-id: <[🔎] 87zmtadasv.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20050627235654.GA6326@informatik.uni-bremen.de> (Moritz Muehlenhoff's message of "Tue, 28 Jun 2005 01:56:55 +0200")
References: <[🔎] 1119878719.42bffe3fdf2ba@webmail.in-berlin.de> <[🔎] 200506271550.24151.waja@gmx.de> <[🔎] 1119880458.22070.237235052@webmail.messagingengine.com> <[🔎] 200506271700.29891.jluehr@gmx.net> <[🔎] 42C04102.10307@zombino.com> <[🔎] 20050627182637.GN9833@alcor.net> <[🔎] 20050627183612.GN3081@morgul.net> <[🔎] 20050627205128.GL9591@mathom.us> <[🔎] 20050627235654.GA6326@informatik.uni-bremen.de>

* Moritz Muehlenhoff:

> The whole embargo thing about stable security is overrated anyway;

Yes, that's my impression as well.

> as far as I can see it for May and June only mailutils, qpopper and
> ppxp were embargoed, so that they hadn't been publicly known when
> the DSA was published (and even for mailutils and qpopper there was
> a small time frame of 1-2 days between first vendor fix and the
> DSA).

The BSD telnet bug was embargoed as well, but it's not clear if Debian
had access to this information.

It's pretty strange that the disclosure of future BSD userland
vulnerabilities will likely be scheduled according to Microsoft's
needs.

> The majority of all issues could be handled a lot more transparent, IMO.

I agree.

Reply to:

References:
- Bad press related to (missing) Debian security
  - From: "W. Borgert" <debacle@debian.org>
- Re: Bad press related to (missing) Debian security
  - From: Jan Wagner <waja@gmx.de>
- Re: Bad press related to (missing) Debian security
  - From: "Carl-Eric Menzel" <calle-debian@bitforce.com>
- Re: Bad press related to (missing) Debian security
  - From: Jan Lühr <jluehr@gmx.net>
- Re: Bad press related to (missing) Debian security
  - From: Adam Majer <adamm@zombino.com>
- Re: Bad press related to (missing) Debian security
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Bad press related to (missing) Debian security
  - From: Noah Meyerhans <noahm@debian.org>
- Re: Bad press related to (missing) Debian security
  - From: Michael Stone <mstone@debian.org>
- Re: Bad press related to (missing) Debian security
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: Bad press related to (missing) Debian security
Next by Date: How to help the security team (was Re: Bad press related to (missing) Debian security)
Previous by thread: Re: Bad press related to (missing) Debian security
Next by thread: Re: Bad press related to (missing) Debian security
Index(es):
- Date
- Thread