[Linux-aus] Now tell the rest of the story...

Paul Shirren shirro at shirro.com
Fri Mar 26 11:42:02 UTC 2004


Anthony Towns wrote:
> Not really; it's certainly true in some cases -- we don't do security
> support for unreleased distributions (testing, unstable or experimental),

It is annoying because I couldn't bare to use stable beyond its use as
an installer. I don't think I am the only one.

It would be nice if there was more security info on Sid.

I check security.debian.org and try and work out if and when the
unstable equivalents need to be updated. But it isn't a very good way of
doing things.

It is nice when they say the unstable package isn't vulnerable. But then
you get ones like dsa-465 that say
"For the unstable distribution (sid) these problems will be fixed soon."

AFAIK from the changelog 0.9.7d-1 fixes it, but why doesn't it get a
mention on the dsa-465 page? Just because unstable is not officially
supported, shouldn't mean it has to be ignored.

Still, I think Debian security works pretty well overall.

> so there are definitely vulnerabilities left in some of those packages;
> and I'm sure in some cases those packages get dropped rather than patched.
I appreciate your honesty, but you are scaring me.

> http://www.eeye.com/html/Research/Advisories/AD20040210.html seems to
> indicate the bug was reported to Microsoft on 2003/07/25, and fixed
> 2004/02/10.
I have four words for ya...I...love...this...company...yeeeeaaah!
They make it too easy don't they.



More information about the linux-aus mailing list