Some statements on debian.org/security are inaccurate, and many people are 
misled by them.

I propose replacing

"""
Debian takes security very seriously. We handle all security problems brought 
to our attention and ensure that they are corrected within a reasonable 
timeframe.
"""

with something more factual, like

"""
Debian's security updates are created by volunteers working in their spare 
time. Some packages may receive more attention than others. To view the current 
list of known unfixed vulnerabilities see 
https://security-tracker.debian.org/tracker/status/release/stable
"""

(Side note: It seems that NVD tends to assign "medium" severity to 
vulnerabilities initially, but upgrades them to "high" or "critical" later. 
However, Debian keeps showing the initial severity rating.)

-- 
Sent with https://mailfence.com  
Secure and private email