Re: Bad press related to (missing) Debian security
martin f krafft wrote:
>It surprised everyone, even though it was not a real surprise -- if
>that makes sense. The security team has been a major weakness of
>Debian for a while. It was only a question of time until it all came
>down on Joey.
>Anyway, if you like Debian, then you should keep using it. The
>current situation is unacceptable, and we are all aware of this. But
>the good news is that a lot of people are working on it, and after
>the stereotypical blow in the face, we'll have something to learn to
>prevent such problems in the future.
>So bear with us for just a little while more, consider disabling the
>affected services for now, or roll your own security updates until
>we caught up.
I think this is a much better reply than telling people to
* use other distributions (Suse, RHEL, Fedora, Ubuntu, whatever),
* use sid, or
* roll your own security
I've been using Debian since Slink and I think this is one of the very
few times Debian was cought with its security pants down. I don't think
I am affected yet, with exception of spamassassin so let's hope Debian
can catch up before the next remote hole in squid, apache2 or racoon.