On Wed Sep 17, 2003 at 12:43:05PM -0700, Jack Coates wrote: > >>Problem is people don't take security seriously, so they don't sign > >>up for the list. There isn't much we can do to combat that... in the > >>same way, they may skip those messages we put on every single list > >>and then what? > > > > > >Yep agree. It would be a horror to spam the lists !!!Getting it four > >times with an interest in security even five times ? No way. I inform > >me on what i'm interested in. running urpmi update in cron and looking > >sometimes on mandrakesecure should be enough. Even on servers. > > > >Steffen > > I'm on Bugtraq -- I get the alert once from mandrakesecure, once from > Mandrake's message to bugtraq, and once from every other Linux > distributor out there, in addition to the original discovery argument. > > Mandrake is typically pretty slow about updates compared to RH and > Gentoo, but hopefully that'll change if/when they hire Vincent some > minions :-)
I think all things considered, we aren't that slow. If you're defining slow by a few hours, shame on you, if you're defining it by a few days, shame on me. I think we're fairly close to the other big players when it comes to the big updates. And, also, keep in mind that RH and SuSE both employ about a half dozen security folks and, IIRC, gentoo doesn't have to worry about compiling for a number of different versions. Contrary to popular opinion, it *does* take time to properly compile and test packages on each supported platform. We also don't run our own server for updates so we have to wait for mirroring... RH can put the packages up and announce it that minute, we have to wait at least 1-2hrs before announcing or I get flooded with "you announced it so where is it?" messages, just due to the mirroring process. With all that in mind, I think this one-man operation is pretty damn speedy. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature