[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 01/12/2021 16:26, Sebastian wrote: > Dear Dom, > >>> Looks like this has been fixed since Debian 10 'Oldstable' Buster, so >>> I shouldn't imagine anyone on this mailing list is affected :) >> To be honest, I think it's a valid post to make, it could be some >> people are still on older versions of Debian. One of my servers is >> on the latest, sure. > I think you are unique on this list with your penchant for > millennium-edition software, but I'll take your point! :D > > The Debian security team can surely be afforded some praise here. They > recently published their 5000th security advisory (in openjdk, for > those interested), and the bugs are nearly always fixed in a matter of > days. > > Best wishes, > > Sebastian > My experience of computer 'security' teams (Gentoo specifically) is that any discussion of a security issue is usually embargoed until there is a fix available. And once that fix is pushed live, then the security announcement follows. In some cases, this can delay exposure of a vulnerability, but you can see why generally, this is better practice than the reverse (hopefully!) ... veremitz/Michael.
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
-- The Mailing List for the Devon & Cornwall LUG https://mailman.dcglug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq