
replacing misleading debian.org/security claims

Some statements on debian.org/security are inaccurate, and many people are misled by them.

I propose replacing

Debian takes security very seriously. We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe.

with something more factual, like

Debian's security updates are created by volunteers working in their spare time. Some packages may receive more attention than others. To view the current list of known unfixed vulnerabilities see https://security-tracker.debian.org/tracker/status/release/stable

(Side note: It seems that NVD tends to assign "medium" severity to vulnerabilities initially, but upgrades them to "high" or "critical" later. However, Debian keeps showing the initial severity rating.)
