Dear Andrew,
My critique is NOT of how the Debian project manages updates in Stable. It's of
the decision not to inform the users of the inherent limitations of Debian's
approach, which I believe is a violation of the social contract.
Let me make some concrete proposals for debian.org/security
Dear Max,
I am also a simple Debian user.
Debian naturally follows the free software rules of the do-ocracy.
Therefore, you can share the vulnerabilities you encounter in the software
with both the upstream developers and the dedicated security team.
In addition, the customary law of open source c
On Sun, Dec 19, 2021 at 05:37:40PM +0100, Max WillB wrote:
> Davide Prina wrote:
>
> > you must understand that who reports a security problem can be a
> > different person
>
> The point is, to quote the paper:
>
> "a vast majority of vulnerabilities and their corresponding security
> patches
Davide Prina wrote:
> you must understand that who reports a security problem can be a different
> person
The point is, to quote the paper:
"a vast majority of vulnerabilities and their corresponding security patches
remain beyond public exposure"
Vulnerabilities are fixed in fresh versions o