(open letter to the Debian security team)

Greetings,

On Friday, 8th July 2005 07:58 Martin Schulze wrote:
[...]
> The Debian project confirms that the security infrastructure for both
> the current release Debian GNU/Linux 3.1 (alias sarge) and the former
> release 3.0 (alias woody) is working again. The security team is now
> able to provide updates on a regular basis again.
[...]
> There were several issues with the security infrastructure after the
> release of sarge, that led to the Debian security team being unable
> to issue updates to vulnerable packages. These issues have been fully
> resolved, and the infrastructure is working correctly again.

Nice to hear, thanks to all. You obviously spent a lot of time and effort in restoring Debian security. Thanks.

But maybe some rather constructive criticism is required as well, and ehm, well, to be honest, imho this is not satisfying:

It has never been officially announced that the security infrastructure is not working. It is quite confusing that you report the end of problems you haven't reported at first; furthermore, if the end of this problem justifies an official Debian announcement, the beginning of this problem should have been announced too. Knowing a security problem is imho probably more important than knowing not having a problem, because a security problem requires defensive actions.

Another point is the explanation. "several issues with the security infrastructure" can probably mean anything, from failing power supply units up to conflicts within the security team. By that, the explanation is not satisfying, too.

There have been a few rumours in Joey's blog, but anyway, I'm missing official statements / announcements on why this had happened (technically and non-technically), how it was solved, and how it is prevented in the future, and I guess others are missing 'em as well.

Looking back to the break-in 2003, this issue was handled very well and transparently. Imho this was a good example of how things can be handled, thus going on that way ought to be quite better.

Thanks for your patience,
Keep smiling
yanosz