replacing misleading debian.org/security claims

To: debian-security@lists.debian.org
Subject: replacing misleading debian.org/security claims
From: max <maxwillb@mailfence.com>
Date: Tue, 28 Dec 2021 19:46:32 +0100 (CET)
Message-id: <[🔎] 930530503.813075.1640717192123@ichabod.co-bxl>

Some statements on debian.org/security are inaccurate, and many people are misled by them.

I propose replacing

"""
Debian takes security very seriously. We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe.
"""

with something more factual, like

"""
Debian's security updates are created by volunteers working in their spare time. Some packages may receive more attention than others. To view the current list of known unfixed vulnerabilities see https://security-tracker.debian.org/tracker/status/release/stable
"""

(Side note: It seems that NVD tends to assign "medium" severity to vulnerabilities initially, but upgrades them to "high" or "critical" later. However, Debian keeps showing the initial severity rating)

-- 
Sent with https://mailfence.com  
Secure and private email

Reply to:

Follow-Ups:
- Re: replacing misleading debian.org/security claims
  - From: Silas Cutler <Silas@BlackLab.io>

Prev by Date: Trying to make extremely secure firewall
Next by Date: Re: replacing misleading debian.org/security claims
Previous by thread: Trying to make extremely secure firewall
Next by thread: Re: replacing misleading debian.org/security claims
Index(es):
- Date
- Thread