Henning Makholm wrote:
As a random data point, take DSA-1116 (a buffer overrun with no known
exploit, in a quite popular piece of desktop software), where I happen
to have a timeline:
July 1 - reported privately to security team, with patch
July 6 - bug goes public through upstream's BTS,
On Tue, Aug 29, 2006 at 07:17:39PM +0200, martin f krafft wrote:
I am holding in my hands the 09/06 copy of the German Linux Magazin,
and on page 76, opensourcefactory.com has advertised Open/OS
Corporate Linux [0], which apparently makes Debian mature.
While I applaud their efforts and I
Henning Makholm wrote:
Scripsit martin f krafft [EMAIL PROTECTED]
also sprach Henning Makholm [EMAIL PROTECTED] [2006.08.29.2310 +0200]:
July 6 - bug goes public through upstream's BTS, Debian bug filed
July 21 - fixed in sarge, DSA released
I know this is a ridiculous time span, but
On Tue, Aug 29, 2006 at 11:58:16PM +0200, martin f krafft wrote:
also sprach Henning Makholm [EMAIL PROTECTED] [2006.08.29.2310 +0200]:
We also shouldn't fool ourselves into thinking that a commercial
repackager with a real dedication to security support (say, by hiring
a handful of
also sprach Paul Johnson [EMAIL PROTECTED] [2006.08.30.0236 +0100]:
Perhaps ask them kindly to either contribute their work back to
Debian, or stop using Debian in their advertising and packaging.
This is what I was thinking about. However, is it what we want?
After all, I think we *want* them
martin f krafft wrote:
and since their ad is entitled Debian of full age,
it kind of
suggests that Debian per se is immature, a child, an
assertion I'd
strongly oppose.
I can't see the 'Debian of full age' thing, I am not
very fluent in German but I can't see any reference to
this statement.
also sprach Ottavio Caruso [EMAIL PROTECTED] [2006.08.30.1048 +0100]:
I can't see the 'Debian of full age' thing, I am not
very fluent in German but I can't see any reference to
this statement.
The title: Debian volljährig!
--
Please do not send copies of list mail to me; I read the list!
On Wed, 30 Aug 2006, Alexander Sack wrote:
Of course, we don't want to have 2nd class architectures, but waiting
for architectures to finish that are used only by a minority looks
flawed either. Especially if there is a buildd breakage involved.
Zero tolerance for buildd breakage should be a
martin f krafft [EMAIL PROTECTED] wrote:
I am holding in my hands the 09/06 copy of the German Linux Magazin,
and on page 76, opensourcefactory.com has advertised Open/OS
Corporate Linux [0], which apparently makes Debian mature.
[...]
I'd be interested in what people think. Am I just
martin f krafft wrote:
and that they add support and maintenance, which adds the features
- reliable release cycle
- newest packages
- security team
- security administration
Their latest security update is from February...
Cheers,
Moritz
--
To UNSUBSCRIBE, email to
Hi,
I am holding in my hands the 09/06 copy of the German Linux Magazin,
and on page 76, opensourcefactory.com has advertised Open/OS
Corporate Linux [0], which apparently makes Debian mature.
0. http://www.open-os.com/cms/index.php?page=Home
It calls our distro reliable and secure and states
Hello,
It calls our distro reliable and secure and states that they add
maturity and corporate readiness. Then they go on to state that
Debian is
- reliable
- secure
- upgradeable
- integrateable
- preconfigured
- remotely administratable
and that they add support and
Hello,
And Debian has lacked security support for new software for a
long time (I believe testing is supported now).
What I meant to say here is, that testing with the latest relatively
stable software in it, had no security support in the past.
and since their ad is entitled Debian of full
Scripsit Benjamin Mesing [EMAIL PROTECTED]
- we have our own security team
That isn't negated by their add, in fact they state that Debian is
secure. And Debian has lacked security support for new software for a
long time (I believe testing is supported now).
We also shouldn't fool
also sprach Henning Makholm [EMAIL PROTECTED] [2006.08.29.2310 +0200]:
We also shouldn't fool ourselves into thinking that a commercial
repackager with a real dedication to security support (say, by hiring
a handful of full-time employees to keep it current, and also by
restricting their
Scripsit martin f krafft [EMAIL PROTECTED]
also sprach Henning Makholm [EMAIL PROTECTED] [2006.08.29.2310 +0200]:
July 6 - bug goes public through upstream's BTS, Debian bug filed
July 21 - fixed in sarge, DSA released
I know this is a ridiculous time span, but it's better than nothing.
* martin f krafft [Tue, 29 Aug 2006 19:17:39 +0200]:
Then they go on to state that Debian is
- reliable
- secure
- upgradeable
- integrateable
- preconfigured
- remotely administratable
and that they add support and maintenance, which adds the features
- reliable release
17 matches
Mail list logo
