[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Extras Security Policy



Once upon a time Thursday 08 September 2005 12:12 am, Hans de Goede wrote:
> Hi,
>
> I've just read an article on how most distro's are doing when it comes
> to (timely) releasing security updates on lwn.net (this weeks security
> page subscribers only).
>
> One of the things discussed in this article is that add-on repositories
> usually lack a clear security policy.
>
> One example given is that clamav, an open source virus scanner in extras
> has a real exploitable security flaw, for which upstream has released a
> fix I assume, but which is still exploitable in the Extra's version.
>
> It is in no way my attention to single out clamav, this is just an example.
the clamav package maintainer  has been very quick  with updated packages 
which fix security issues in the past  the current release in extras  is 
0.86.2  which according to clamav.net  is the latest stable release. 

but yes  there should be clear direction.  Package maintainers need to keep an 
eye on the upstream project  and release security fixes as soon as possible.

Dennis

Attachment: pgpt3iOvkPgsb.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]