Re: [SECURITY] [DSA 3541-1] roundcube security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 3541-1] roundcube security update
From: donoban <donoban@riseup.net>
Date: Tue, 5 Apr 2016 20:08:45 +0200
Message-id: <[🔎] 5703FF2D.1050901@riseup.net>
In-reply-to: <[🔎] 20160405165939.946@usenet.piggo.com>
References: <E1anMo3-0000tV-7H@seger.debian.org> <[🔎] 57039CF7.9050404@riseup.net> <[🔎] 20160405165939.946@usenet.piggo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05/04/16 17:01, Sébastien Delafond wrote:
> There are *many* things to be taken care of security-wise in
> Debian, but the Security Team will always gladly review "easy"
> backports if you find time to provide them.
> 
> Cheers,
> 
> --Seb
> 

Sorry, I did not mean to offend and I am very grateful to the
collaborators of Debian and also to the Security Team.

I started to worry about security some months ago, and one of my first
decisions was trust Debian instead Fedora (which is default
distribution used on Qubes OS).

Before installing Qubes OS / Debian I was an Ubuntu user (obviously
not a security oriented decision) and I was registered to Ubuntu
security list although I did not read it very often. In this months I
have started to read Ubuntu's USN's and to see the CVE they were
fixing, and then I compared it with Debian and I am very very proud of
my decision to trust Debian. Some CVE's are fixed even years before!

I would like to know if three months is a reasonable time for fix a
problem like this, if packages in testing / backports are more likely
to have a higher delay than main / contrib...

Of course I would like to help, and probably I will migrate all my
Roundcube installations to jessie-backports package when there is a
newer version (now I prefer to don't touch anything). But I want to
know if there is something different with a Iceweasel/Icedove, linux
or ssh problem and roundcube. If some problem with the firsts is more
likely to be fixed faster...

Regards and ty for your work.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXA/8tAAoJEBQTENjj7QilFKoP/iZApgVqDOQWX8DiVPVyYl/s
wUzNOHNIvVEUKACDWrBMA/2NrC5gS8b+WNFNhRDBYINLX9KiCo2tbkAM4W5n/WMg
myp2zs1ngwqIQmljvKAKWHGn7rE1cTAOuCZvepbh2riQo9uFjfQ2QWZYv5roimHr
UiuMM+iTmurEBovoLybNLNtb4ddqQC/l9MlT46plC0YZf3E7yGhs3C4+pt/neQvP
PTNMO3YIZC7Dbf0ReQoy221O3HQ+BXSg1p23yTEqcSnEN8ITo/Ag5jUlLqtpLoEg
6NuxxFOMdayntDcYbn+ksNtLY7r7Xv7BRoTin86Fc5VaBV+Ny3i/Jccy15/3Or85
7A2ZKeLcIxJxgRMCUsMNvPhMwMv7mQ3sqgsPm4OeuhLUz4kp/cGorliQpWV5lx5D
t776/0IHM6PMbHmtv60CnLh5eRcaFiHifLeh0JvcwMZ39yd3bEauxURHJTeGLby/
An5wCuip+4FF8jA+a1GK6sDoqcbPvSrKJmlmlpipLNoN5Epu/Kpldqljdm7dY/DZ
QB28iUHTDCEPmkv0l3WfcJ/N+QDWEBbrrCdDq3BGpSZSrq8/RSqSceC28iYpnIWD
IFOirgYcuySDciaLcKPFoKdfdCm9zsFRqM/TG4D2bjBdx0bodGdj7inmKdjglboe
3nPQ6nzMaTj6benUM2A9
=jLKm
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 3541-1] roundcube security update
  - From: Paul Wise <pabs@debian.org>

References:
- Re: [SECURITY] [DSA 3541-1] roundcube security update
  - From: donoban <donoban@riseup.net>
- Re: [SECURITY] [DSA 3541-1] roundcube security update
  - From: Sébastien Delafond <seb@debian.org>

Prev by Date: Re: [SECURITY] [DSA 3541-1] roundcube security update
Next by Date: Re: [SECURITY] [DSA 3541-1] roundcube security update
Previous by thread: Re: [SECURITY] [DSA 3541-1] roundcube security update
Next by thread: Re: [SECURITY] [DSA 3541-1] roundcube security update
Index(es):
- Date
- Thread