Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)
On Thu, Jul 14, 2005 at 05:40:22PM +0200, Herwig Wittmann wrote:
> Hi!
>
> I am trying to understand if my organization can rely on the debian
> security announcement mailing list as only source of security alerts in
> the future.
>
> This would be very convenient- but the delay that seems to have passed
> between the original squirrelmail security announcement and the time I
> received the alert via security@debian.org is worrying:
>
> The Vulnerability seems to have been described a few weeks ago:
> http://www.squirrelmail.org/security/issue/2005-06-15
>
> The Debian Security Advisory 756-1 is dated July 13th, 2005.
>
>
> I do not want to rude in any way- please try to excuse my way of putting
> things, but does anybody have a prediction how probable it is for such a
> thing to happen again?
>
> Is there a role/function in debian that is responsible for reviewing
> bugtraq or similiar sources, and is ensured that this role is fulfilled
> every day?
>
> Or will there be other measures in place to see that security issues are
> noticed quickly for all packages- even for strange tools that
> are not used by normal unix-centered developers?
>
> Kind regards,
> Herwig Wittmann
Herwig,
I hope this link will help
http://newraff.debian.org/~joeyh/stable-security.html
Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall
Reply to: