Matt Zimmerman <[EMAIL PROTECTED]> wrote: > On Sun, Feb 01, 2004 at 12:18:07PM +0100, Arthur de Jong wrote:
>> I don't mean to be paranoid but this advisory is dated February 1st, >> 2004 but the new changelog entries are both dated 11 Sep 2003 and >> the deb file for i386 I got has a timestamp of Sep 12. Furthermore >> judging from timestamps on [1] other architectures seem to have >> similar build dates. >> >> Did it really take that long to coordinate this DSA or do all build >> daemons have a problem with their clocks? Not that it really matters >> for this DSA as it is a minor problem that should not affect that >> many people, just being curious. > > Yes, the packages were built a long time ago. I was waiting for some > additional problems to be fixed, but the advisory had to be released > in order to fix a problem with the postgresql update (which had > picked up a dependency on this unreleased version). Does this mean that it is possible that known and fixed (!) security problems are not being corrected in Debian for nearly 5 months? Even though this may be a minor problem, I would like to see it fixed as soon as possible. Paul
