Re: [security] What's being done?
Daniel Stone wrote:
> Considering that an upload hasn't been made to rectify this root hole,
> why hasn't something else been done about it - regular or security NMU?
> One would think that this is definitely serious.
>
> Oh and BTW, Slackware released an update today. Without trolling, I can
> say that I was honestly surprised to note that Debian, a distro with
> ~850 developers and a dedicated security team, is behind Slackware on
> security issues.

Glibc always is a difficult problem.

 1. It takes ages to build packages and they need to be built on
    currently six architectures (11 when woody is out).

 2. Glibc is the most important package. If something in the security
    update causes glibc to fail, imagine what will happen to all those
    systems that just have updated their glibc due to a security upload.
    Even if they should manage to get their system working again, it
    will take us *days* to provide fixed packages.

 3. Glibc is a beast that not many people want to deal with. All glibc
    problems I know of have been dealt with by the Security Team
    *together* with the glibc maintainer. Both parties are busy people
    as well.

 4. Supporting one or two architectures is way easier than supporting
    six architectures.

 5. Because of that, we have to be extraordinarily careful. This takes
    time.

Sorry for the inconvenience. We are doing what we can. Providing
patches and test reports are always welcome, but advisories for the
kernel and glibc will probably continue to take more time than usual.

Regards,

Joey

--
It's practically impossible to look at a penguin and feel angry.

Please always Cc to me when replying to me on the lists.
Re: [security] What's being done?
Previously Daniel Stone wrote:
> Considering that an upload hasn't been made to rectify this root hole,
> why hasn't something else been done about it - regular or security NMU?
> One would think that this is definitely serious.

Waiting for the m68k build, I intend to release a DSA tomorrow.

Wichert.

--
[EMAIL PROTECTED]  This space intentionally left occupied
[EMAIL PROTECTED]  http://www.liacs.nl/~wichert/
1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D
Re: Bug#126441: [security] What's being done?
> > Ben is merely behind with updating the BTS, by the looks of it...
>
> Can't close it till I fix woody/sid too.

Which will be when 2.2.5 is released (days).

--
 .--===-=-==-=---==-=-.
/  Ben Collins -- Debian GNU/Linux  \
`  [EMAIL PROTECTED] -- [EMAIL PROTECTED] -- [EMAIL PROTECTED]  '
 `---=--===-=-=-=-===-==---=--=---'
Re: [security] What's being done?
On Sun, Jan 13, 2002 at 10:38:40AM +1100, Daniel Stone wrote:
> Considering that an upload hasn't been made to rectify this root hole,
> why hasn't something else been done about it - regular or security NMU?
> One would think that this is definitely serious.

I saw this recently...

    From: Ben Collins <[EMAIL PROTECTED]>
    To: debian-changes@lists.debian.org
    Subject: Installed glibc 2.1.3-20 (i386 sparc source all)
    [...]
    Date: Wed, 9 Jan 2002 01:34:56 -0500
    Source: glibc
    [...]
    Architecture: source all sparc i386
    Version: 2.1.3-20
    Distribution: stable
    [...]
    Changes:
     glibc (2.1.3-20) stable; urgency=high
     .
       * Glob security patch.

Is that what you are looking for?

> Oh and BTW, Slackware released an update today. Without trolling, I can
> say that I was honestly surprised to note that Debian, a distro with
> ~850 developers and a dedicated security team, is behind Slackware on
> security issues.

Ben is merely behind with updating the BTS, by the looks of it...

--
2. That which causes joy or happiness.
[security] What's being done?
Considering that an upload hasn't been made to rectify this root hole,
why hasn't something else been done about it - regular or security NMU?
One would think that this is definitely serious.

Oh and BTW, Slackware released an update today. Without trolling, I can
say that I was honestly surprised to note that Debian, a distro with
~850 developers and a dedicated security team, is behind Slackware on
security issues.

d

--
Daniel Stone <[EMAIL PROTECTED]>
WARNING: The consumption of alcohol may make you think you have mystical
Kung Fu powers, resulting in you getting your arse kicked.