The proper way IMO is to subscribe to the CERT for your nation. Be the interface to it for your organization within your local responsibilities. You will then receive the high-risk advisories before they are publically released. That paid off, for example, during the ghost/meltdown Intel vulnerabilities.
On Tue, Jan 25, 2022, 2:52 PM Polyna-Maude Racicot-Summerside < deb...@polynamaude.com> wrote: > > > On 2022-01-25 15:47, Andy Smith wrote: > > Hello, > > > > On Tue, Jan 25, 2022 at 03:05:51PM -0500, Polyna-Maude > Racicot-Summerside wrote: > >> Kind of strange that some people complains we lag behind when I get > >> information everyday that fixes are available for packages in the stable > >> / old stable release. > > > > I think you are getting worked up over the actions of a troll. > > > > You will never get them to change their mind no matter how much > > factual evidence you come up with, because they aren't posting in > > good faith. If they were then they would have either accepted the > > answers they got five times over the first time they brought it up > > here, or else not accepted them and given up. Instead they went on > > to write a "press release" and threaten more to come regarding > > "excommunicated" developers. Their goal is to cause drama, not find > > a solution for any real world problem. > > > > I recommend just moving on with your life and accepting that this > > person is going to keep posting the same claims over and over > > without feeling the need to refute them every time. > > > This message was more regarding some new users or ones who could have > doubt on the safety / security of the Debian ecosystem. > > Sadly some of these people may cause some harm. > > > Cheers, > > Andy > > > > -- > Polyna-Maude R.-Summerside > -Be smart, Be wise, Support opensource development >
