
Re: Security response: how are we doing?



begin quotation from Michael Gilbert (in <CANTw=MNYAG06d8jd3=k9i5dfLRwV7JrxvUdRPfTvTiTnjxpO9g@mail.gmail.com>):
> On Thu, Dec 1, 2011 at 6:11 AM,  wrote:
> > On the other hand, at least from my point of view, things are not looking so
> > bright. I have on my watchlist 4 buffer overflows (CVE-2011-3193,
> > CVE-2011-3194, CVE-2011-1071, CVE-2011-1097), one DoS (CVE-2011-1659) and a
> > number of lesser problems (#628843, #615118, CVE-2011-1521), most of which
> > I have at least pinged once, most are around for at least 3 months, some
> > for more than 6 months. And my selection is a quite limited one.
> 
> At least CVE-2011-3194/5 out of your list above are for a package
> (qt4-x11) that has been declared as not receiving security support.

I must have missed that. Where is it documented?

> Unfortunately volunteers tend to have limited time, and more help is
> always appreciated.  Even non-DDs can prepare new package updates for
> future DSAs.  Pinging isn't necessarily productive, actual work is.

I am aware of that.

> Help with the tracker is also very useful:
> http://anonscm.debian.org/viewvc/secure-testing/doc/narrative_introduction?view=co

And that.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. No one can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)
