Adam Warner <[EMAIL PROTECTED]> writes: > http://www.linuxtoday.com/news_story.php3?ltsn=2002-01-14-002-20-SC-DB > > Someone with better knowledge of all the facts might want to comment on > the claim that "Debian is always the last to fix security holes" and the > tag team follow up "I've been fighting for months now to try to convince > them to release an advisory or fix for ftpd..."
Of course, libc problems are a bit unfair for comparison. Red Hat runs the official CVS repository, and they probably knew about the problem by mid-November or something like that (the fix was committed on 2001-11-29, IIRC). -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
