[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: replacing misleading debian.org/security claims

January 14, 2022 11:44:39 PM CET "Pierre-Elliott Bécue" <peb@debian.org> wrote:

> Maybe at some time you could just stop keeping on insisting on that
matter?

I thought this was just an oversight, but since this is intentional, it isn't. How can you possibly justify and continue such a flagrant misrepresentation?


"""
We handle all security problems brought to our attention and ensure that
they are corrected within a reasonable timeframe. Many advisories are 
coordinated with other free software vendors and are published the same day 
a vulnerability is made public and we also have a Security Audit team that 
reviews the archive looking for new or unfixed security bugs.
"""


Half a year is not "within a day", or "a reasonable timeframe".

Mislabeling "critical" NVD ratings as "medium" fits the same pattern.

-- 
Sent with https://mailfence.com  
Secure and private email
Reply to: