max <maxwillb@mailfence.com> wrote on 18/01/2022 at 05:46:10+0100: > January 14, 2022 11:44:39 PM CET "Pierre-Elliott Bécue" <peb@debian.org> wrote: > >> Maybe at some time you could just stop keeping on insisting on that >> matter? > > I thought this was just an oversight, but since this is intentional, > it isn't. How can you possibly justify and continue such a flagrant > misrepresentation? > > > """ > We handle all security problems brought to our attention and ensure that > they are corrected within a reasonable timeframe. Many advisories are > coordinated with other free software vendors and are published the same day > a vulnerability is made public and we also have a Security Audit team that > reviews the archive looking for new or unfixed security bugs. > """ > > > Half a year is not "within a day", or "a reasonable timeframe". > > Mislabeling "critical" NVD ratings as "medium" fits the same pattern. Your behaviour could be seen as aggressive. If you keep going on, there is a high chance that everybody will start ignoring you, or, if you keep being pushy, ask that you are temporarily prevented to mail debian lists. You'll therefore not obtain the expected result, and people will start ignoring you. You got a reply from Salvatore and this is quite enough for now. -- PEB
Attachment:
signature.asc
Description: PGP signature