-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 05/04/16 17:01, Sébastien Delafond wrote: > There are *many* things to be taken care of security-wise in > Debian, but the Security Team will always gladly review "easy" > backports if you find time to provide them. > > Cheers, > > --Seb > Sorry, I did not mean to offend and I am very grateful to the collaborators of Debian and also to the Security Team. I started to worry about security some months ago, and one of my first decisions was trust Debian instead Fedora (which is default distribution used on Qubes OS). Before installing Qubes OS / Debian I was an Ubuntu user (obviously not a security oriented decision) and I was registered to Ubuntu security list although I did not read it very often. In this months I have started to read Ubuntu's USN's and to see the CVE they were fixing, and then I compared it with Debian and I am very very proud of my decision to trust Debian. Some CVE's are fixed even years before! I would like to know if three months is a reasonable time for fix a problem like this, if packages in testing / backports are more likely to have a higher delay than main / contrib... Of course I would like to help, and probably I will migrate all my Roundcube installations to jessie-backports package when there is a newer version (now I prefer to don't touch anything). But I want to know if there is something different with a Iceweasel/Icedove, linux or ssh problem and roundcube. If some problem with the firsts is more likely to be fixed faster... Regards and ty for your work. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXA/8tAAoJEBQTENjj7QilFKoP/iZApgVqDOQWX8DiVPVyYl/s wUzNOHNIvVEUKACDWrBMA/2NrC5gS8b+WNFNhRDBYINLX9KiCo2tbkAM4W5n/WMg myp2zs1ngwqIQmljvKAKWHGn7rE1cTAOuCZvepbh2riQo9uFjfQ2QWZYv5roimHr UiuMM+iTmurEBovoLybNLNtb4ddqQC/l9MlT46plC0YZf3E7yGhs3C4+pt/neQvP PTNMO3YIZC7Dbf0ReQoy221O3HQ+BXSg1p23yTEqcSnEN8ITo/Ag5jUlLqtpLoEg 6NuxxFOMdayntDcYbn+ksNtLY7r7Xv7BRoTin86Fc5VaBV+Ny3i/Jccy15/3Or85 7A2ZKeLcIxJxgRMCUsMNvPhMwMv7mQ3sqgsPm4OeuhLUz4kp/cGorliQpWV5lx5D t776/0IHM6PMbHmtv60CnLh5eRcaFiHifLeh0JvcwMZ39yd3bEauxURHJTeGLby/ An5wCuip+4FF8jA+a1GK6sDoqcbPvSrKJmlmlpipLNoN5Epu/Kpldqljdm7dY/DZ QB28iUHTDCEPmkv0l3WfcJ/N+QDWEBbrrCdDq3BGpSZSrq8/RSqSceC28iYpnIWD IFOirgYcuySDciaLcKPFoKdfdCm9zsFRqM/TG4D2bjBdx0bodGdj7inmKdjglboe 3nPQ6nzMaTj6benUM2A9 =jLKm -----END PGP SIGNATURE-----
