Hi,

what do other developers think about localized lists for security
advisories, such as [EMAIL PROTECTED]

Currently, all DSAs are released via mail in English on
[EMAIL PROTECTED] and copied to www.debian.org
afterwards, where they will be picked up by seven[1] fellow translators
who produce the text part in their native tongue.

This means that people who are interested in security should
subscribe to the -announce list for immediate notification.  Those who
prefer an advisory in their native tongue will have to wait up to one
day to see the translation online.

Establishing localized -announce lists could impose an unacceptable
delay before the translated advisory gets posted to the localized
list.  This will probably be the case especially with long
advisories[2] or when translators are on their holidays or simply too
busy to maintain the translation properly[3] or if Debian releases a
couple of advisories on one day[4].

This could lead to a false assumption that no vulnerabilities were
found and fixed, leaving a system vulnerable longer than it would be
considered acceptable.

Given the above, what do you think about establishing localized
security-announce lists?  Please discuss this issue on debian-security
and not on debian-devel or debian-project to reach a larger audience.

Regards,

        Joey

1. Danish, French, German, Japanese, Portuguese, Spanish and Swedish
2. See DSA 134 as a very bad example (Murphy...) or DSA 148
3. No harm intended, this happens to some people all the time (e.g. myself)
4. *cough* DSA 149, 150, 151 and 152 were released on the same day

-- 
Unix is user friendly ...  It's just picky about its friends.

Please always Cc to me when replying to me on the lists.
