On Tue, Nov 20, 2001 at 03:49:28PM -0800, nate wrote: > i can think of one(IMO) glaring security problem in debian, > that is the (now almost a year old) DOS attack against the > openbsd ftpd port in debian potato. ive reported it to > multiple places(including the security list) but never got > a reply.
I've prodded [EMAIL PROTECTED] again to remind the relevant people that something needs to be done. > biggest con to debian is the near immediate abandonment > of "stable" releases once a new "stable" release comes > out. e.g. security/other fixes are not backported to > the previous stable release. other vendors like > redhat, suse, sun, etc(not sure about the bsds) typically > backport their security fixes(at least) to the previous > 2-3 stable releases.i wish debian would maintain that, > at least backporting security fixes(nevemind the rest) > 1 stable release. This is basically just a question of lack of volunteer time and interest, coupled with the long release cycle that means a lot of developers shudder at the thought of trying to keep the ancient monstrosity that was the last-but-one release up to date. -- Colin Watson [EMAIL PROTECTED]
