[Martin F Krafft]
>> And prospective security team members should start working in the
>> testing security team. There is no need to keep secrets (all is done
>> in public),
>
> Which doesn't address the problem that embargoed bugs are possibly
> handled suboptimally in Debian.
>
> And it does not address the problem that our security infrastructure
> went down for a while and we found out about it from a German news
> magazine.

True, it does not address those problems, and we should try to address them. But it does address other related problems, and we will be a lot better off if all the _public_ security issues in Debian were solved, and having a proven security framework for testing and unstable might make it easier to adjust the framework used for stable to make it better.

If all the public issues are solved, I believe it is easier to address the handling of non-public ones.

In short, I see no downsides to helping out the testing security team while we at the same time try to address the issues with stable security work.