On Sun, Mar 06, 2005 at 02:04:29PM +0100, Ulf Harnhammar wrote:
> Lars Wirzenius asked for that in this blog entry, so it seems like people
> would be interested:
>
> http://liw.iki.fi/liw/log/2005-01.html#20050128c
Yes, I know he is interested. I've actually done this previously, see my
talk at Debconf3:
http://people.debian.org/~jfs/debconf/security/
and these reports:
http://lists.debian.org/debian-security/2001/12/msg00257.html
http://www.nl.debian.org/News/2004/20040406
> "An overview of our track record for releasing fixes for security problems.
> Possibly combined with a talk about looking for common types of security
> problems in one's packages and the proper ways of releasing fixes by
> co-ordinating the release of the fix with other distros and the upstream
> developers."
Yep, that's more or less what I'm thinking about. Although I would like
also to spark some discussion on the obvious data (i.e. the "time to fix" a
vulnerability has increased if you compare the different releases and it
will probably be worst once sarge is released)
Regards
Javier
|
