On Sat, Aug 27, 2005 at 10:40:36PM +0200, martin f krafft wrote: > Following the debate around LinuxTag, Branden put a trusted and very > active and skilled developer on the task to research the security > problems. Unfortunately, he has not been able to get far with this > job yet, probably due to numerous reasons. If Branden reads this > (and he should as it's CC'd), I hope he does something about the > situation, not by putting pressure on the researcher, but by > actually causing some change.
The only other point of change I can see is the security team itself. A couple of possibilities come to mind: 1) the developers propose a GR chartering a new security team (as DPL, I can propose a GR without getting seconds first[1]); 2) I bring the Debian Security Team under delegation[2]. Neither of these guarantee that the people appointed to the security will fulfill the tasks demanded of them -- there is Constitution §2.1.1 to consider. > > The email part is very unfortunate indeed, but it probably doesn't > > warrant drastic measures. > > Not if we want Debian to become known as an amateur club and lose > value among professionals. And yeah, client switching to Solaris may > tell something about their understanding of security... but then > isn't it all the more important for Debian to get it right and help > protect those that don't know better? [1] Constitution §4.2.1, §5.1.5 [2] Constitution §5.1.1, §8 -- G. Branden Robinson Debian Project Leader [EMAIL PROTECTED] http://people.debian.org/~branden/
signature.asc
Description: Digital signature