Re: Bad press related to (missing) Debian security

* Moritz Muehlenhoff:

> The whole embargo thing about stable security is overrated anyway;

Yes, that's my impression as well.

> as far as I can see it for May and June only mailutils, qpopper and
> ppxp were embargoed, so that they hadn't been publicly known when
> the DSA was published (and even for mailutils and qpopper there was
> a small time frame of 1-2 days between first vendor fix and the
> DSA).

The BSD telnet bug was embargoed as well, but it's not clear if Debian
had access to this information.

It's pretty strange that the disclosure of future BSD userland
vulnerabilities will likely be scheduled according to Microsoft's

> The majority of all issues could be handled a lot more transparently, IMO.

I agree.

