Hi, * Michael Gilbert <michael.s.gilbert@gmail.com> [2008-12-07 15:03]: [...] > Oftentimes, a fix gets released for other distributions, and then it > takes weeks or months for Debian to apply the same fix. I wonder if > this is primarily a communication issue and whether including this > type of information in the tracker would help reduce this lag. The > intent would be to increase the security team/package maintainers > awareness of existing patches. > > Some current examples (not a comprehensive list, I only spent 5 > minutes on this): > > CVE-2008-4552: fixed in ubuntu [1] > CVE-2008-2379: fixed in fedora [2] Since we don't just blindly apply fixes from other distributions and there still needs to be someone who can check this additional information I fail to see that this is needed for us. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpFf3pysf6mM.pgp
Description: PGP signature