One DD replied off-the-list, so I'll quote him without attribution:
> I understand your concern, but practicality is better than theory.
>
> (...) we will get notification when vulnerabilities are exploited, and so we
> get priority.
It's not so theoretical:
"Google is aware that an exploit
Dear Diederik,
New code fixes old bugs, but introduces new ones. Then Debian comes in and, at
some point, applies a small portion of those fixes to old code.
My problem is that debian.org/security is not telling you that. People read the
page and get the mistaken impression that all of
Dear Andrew,
My critique is NOT of how the Debian project manages updates in Stable. It's of
the decision not to inform the users of the inherent limitations of Debian's
approach, which I believe is a violation of the social contract.
Let me make some concrete proposals for debian.org/security
Davide Prina wrote:
> you must understand that who report a security problem can be a different
> person
The point is, to quote the paper:
"a vast majority of vulnerabilities and their corresponding security patches
remain beyond public exposure"
Vulnerabilities are fixed in fresh versions
Am I really the only one who thinks that it's a direct violation of the social
contract? Of course, I wouldn't expect a commercial entity in Debian's position
to be upfront with their users about the limitations of their product, but
Debian was supposed to be different, was it not?
--
Sent
Hello
Let me first say that while my message is critical, Debian is my favorite Linux
distro, and I've used many over many years. The goal of this post is to improve
the way the security information is communicated on debian.org, which I believe
is misleading.
security.debian.org starts off
Package: project
Severity: wishlist
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
-> The Packages-Activity
* What exactly did you do (or not do) that was effective (or
ineffective)?
-> I tried
On 19.04.2012 19:39, Jakub Wilk wrote:
It's not a Debian logo. Not even close.
It actually looks the same.
To avoid further confusion, maybe it'd be a good idea to change our logo
to something less silly.
I like debian logo now.
Hi,
I work for a web hosting site, which gives detailed information about
different services and packages about hosting.
I came across your website: debian.org. And I find it very relevant to my
client's site.
I would like to have your co-operation, which I believe will help us to
increase the
.
If you have comments or concerns, please let me know!
-- Max Alt
Staff Software Architect
Channel Software Operation
Intel Corporation
[EMAIL PROTECTED]
Title: On behalf of Max Group Corporation
On behalf of Max Group Corporation, I would like to thank you for
participating in the Max Group B2B ecommerce program.
Your B2B account can now reflect your true cost.
24 / 7 access to your pricing (Price set by your Sales Person)
24 / 7 real
11 matches