Re: replacing misleading debian.org/security claims

To: Security <security@debian.org>, debian-security@lists.debian.org
Subject: Re: replacing misleading debian.org/security claims
From: max <maxwillb@mailfence.com>
Date: Fri, 14 Jan 2022 00:38:44 +0100 (CET)
Message-id: <[🔎] 896508942.487248.1642117124251@ichabod.co-bxl>
In-reply-to: <YdvEubL6/Y6+QeWL@eldamar.lan>
References: <930530503.813075.1640717192123@ichabod.co-bxl> <[🔎] 6b04bca57af4c49dca74e9089f7d9ad49f4058b5.camel@debian.org> <YdvEubL6/Y6+QeWL@eldamar.lan>

January 10, 2022 6:31:37 AM CET Salvatore Bonaccorso <carnil@debian.org> wrote:

> We are going to stop anyway at some point displaying the NVD severity, for context see #992115.

As I see it, Debian should be free to display or not display NVD ratings, but it shouldn't display the incorrect "medium" NVD ratings, when they are actually much worse, as it's been doing. In fact, I think it should issue a public retraction.

Any progress on my original proposal? Are the wheels in motion?

https://lists.debian.org/debian-security/2021/12/msg00002.html
https://lists.debian.org/debian-security/2022/01/msg00002.html

I can't help but feel that it's a 15 second job for anyone with write access to the site, and the reprehensibility of the current claims should be obvious to those with a working moral compass.

-- 
Sent with https://mailfence.com  
Secure and private email

Reply to:

Follow-Ups:
- Re: replacing misleading debian.org/security claims
  - From: Pierre-Elliott Bécue <peb@debian.org>

References:
- Re: replacing misleading debian.org/security claims
  - From: Paul Wise <pabs@debian.org>
- Re: replacing misleading debian.org/security claims
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: replacing misleading debian.org/security claims
Next by Date: Re: replacing misleading debian.org/security claims
Previous by thread: Re: replacing misleading debian.org/security claims
Next by thread: Re: replacing misleading debian.org/security claims
Index(es):
- Date
- Thread