Amar Adadande wrote:
> As part of our organization's security measures, we regularly conduct
> security scans using the National Vulnerability Database (NVD). We have
> noticed that the NVD database used by Debian may not be up to date with the
> latest vulnerabilities.
You seem to be mistaken. We
Hideki Yamane schrieb:
> So, my proposal is "How about informing point release *before*
> its release via SNS". Not so many costs, but users can prepare
> for it whether they're lazy ;)
This already exists, they are sent to
https://lists.debian.org/debian-stable-announce/
See e.g. here for th
Jean-Philippe MENGUAL schrieb:
>> stretch - security
>
> the same, but supported more long time by the external team, funded by
> companies to do it
It is not. oldstable-security is supported by the project at large, even
checking the Wikipedia page would have told you...
https://en.wikipedia.or
Thorsten Glaser schrieb:
> Moritz Mühlenhoff inutil.org> writes:
>
>> Kurt Roeckx roeckx.be> schrieb:
>
>> > The rules seem to suggest that we need a priority important bug
>
> So, if I have one, I can include the relevant bugfix?
>
>> > So I h
Kurt Roeckx schrieb:
> So I have the impression that if upstream has a stable branch and
> really only do bug fixes with a low chance of regressions that
> this will most likely be accepted.
Yes. For some cases (e.g. postgres and openjdk) the upstream QA made
for the bugfix releases exceeds the p
5 matches
Mail list logo