January 14, 2022 11:44:39 PM CET "Pierre-Elliott Bécue" <p...@debian.org> wrote:
> Maybe at some time you could just stop keeping on insisting on that matter? I thought this was just an oversight, but since this is intentional, it isn't. How can you possibly justify and continue such a flagrant misrepresentation? """ We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe. Many advisories are coordinated with other free software vendors and are published the same day a vulnerability is made public and we also have a Security Audit team that reviews the archive looking for new or unfixed security bugs. """ Half a year is not "within a day", or "a reasonable timeframe". Mislabeling "critical" NVD ratings as "medium" fits the same pattern. -- Sent with https://mailfence.com Secure and private email
