Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
Florian Weimer writes ("[SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities"):
> DSA-2115-1 introduced a regression because it lacked a dependency on
> the wwwconfig-common package, leading to installations problems. This
> update addresses this issue. For reference, the text of the original
> advisory is provided below.
This is the second recent regression in a security update. I'm sure
you'll all agree that this is bad. It's a shame, because Debian
security updates have historically had a very good reputation.
Is there anything that I could do to help with improving things to
avoid this happening again ?
A traditional approach might be to hold a postmortem to try to find
the chain of events, identify root causes, and make recommendations
(whether to the Security Team or to others in the project). Has
anything like that been done in this case ?
offering to help - this is not a brickbat