On Tue, 2002-01-15 at 01:05, Tim Haynes wrote:
> Adam Warner <[EMAIL PROTECTED]> writes:
>
> > http://www.linuxtoday.com/news_story.php3?ltsn=2002-01-14-002-20-SC-DB
> >
> > Someone with better knowledge of all the facts might want to comment on
> > the claim that "Debian is always the last to fix security holes" and the
> > tag team follow up "I've been fighting for months now to try to convince
> > them to release an advisory or fix for ftpd..."
>
> Some of us wouldn't dare say such things without at least reviewing the
> given distro's security policy, FAQ and history.
>
> <http://www.debian.org/security/> is over there ---> .

I'm aware that Debian manages to get advisories out extremely quickly--in some cases before any other distribution. But I'm not aware of the history of the second poster's claims.

I did recently note that the latest exim advisory was released on 4 January but the fix for uncontrolled program execution was posted by Philip Hazel on 19 December. That's no 48 hours. And the patch was even provided in the post [in this case I suspect the post by Philip Hazel was missed].

But I was really impressed that updates for unstable/testing were released at the same time. For those of us that use/test the bleeding edge on our systems it's a great reassurance to see the security team giving consideration to the security of testing/unstable.

Regards,
Adam