On Tue, 25 Apr 2006 00:31:45 +0200 Javier Fernández-Sanguino Peña wrote: > On Sun, Apr 23, 2006 at 11:57:00AM +0200, Francesco Poli wrote: > > I think that a page very similar to > > http://spohr.debian.org/~joeyh/testing-security.html > > would help making the public aware of how things are going on for > > Debian stable, from a security point of view. > > The problem is, there is no such data. Some of the information handled > by the stable security team is "private" (vulnerabilities are handled > through vendor mailing lists before full disclosure). > > I have asked a public interface to the stable security team in the > past to their data but it doesn't seem to be possible.
I think that this should be changed, as the SC states:
| 3. We will not hide problems
| We will keep our entire bug report database open for public view
| at all times. Reports that people file online will promptly
| become visible to others.
Even if the explanation talks about the BTS in particular, I think that
the spirit of SC#3 should apply to other areas too (e.g. problems that
are known to some DDs, but are not yet reported to the BTS).
--
:-( This Universe is buggy! Where's the Creator's BTS? ;-)
......................................................................
Francesco Poli GnuPG Key ID = DD6DFCF4
Key fingerprint = C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
pgpUkwKIc98mT.pgp
Description: PGP signature
