
Bug#339837: http://www.debian.org/security/ seriously misleading about security infrastructure performance



Package: www.debian.org
Severity: serious

The header of the security page explains Debian's consideration of
security issues and mentions an average security issues response time
under 48 hours.

I am certainly not the first person to notice this, but I have seen
nothing about this issue for months.

If someone doesn't agree that this is an order of magnitude too
optimistic, I'll point to http://lwn.net/Articles/149976/
Note that I'll be happy to compile stats verifying whether the 48 hours
response time is right if somebody can provide a method they think would prove it right.

I make this a serious bug to get attention. Whatever happens to this
bug's severity, I would really appreciate this issue being treated. It's
OK to have perhaps a suboptimal security infrastructure, as long as
this is acknowledged and there's no false claim about it.
Actually, "Debian takes security very seriously." is just a questionable
statement, but giving a statistic that wrong about it just kills
credibility.
Keep in mind, those two sentences are probably the first ones someone
Googling for "Debian security" will read.

Suggested fix: remove the first two sentences, at least the second.


