As far as I'm aware the problem isn't the security team, but the reasons are:

1. slow/understaffed arch teams - and I suppose this is the biggest problem, 
as we need all security-wise supported¹ architectures stable, before a GLSA 
can be sent out.

2. the amount of unmaintained stuff in the tree, no one cares for - see Sune's 
libwmf email

3. maintainer on vacation or for another reason inactive and didn't 
communicate that - no co-maintainer, no herd backing up, leaving everyone 
waiting.


This ranking of course neither says anything about the quality of the 
fixes, nor does the severity Secunia applies to an issue necessarily match 
ours or other distribution security teams'.



Carsten


[1] http://www.gentoo.org/security/en/vulnerability-policy.xml
