Re: replacing misleading debian.org/security claims
January 14, 2022 11:44:39 PM CET "Pierre-Elliott Bécue" <peb@debian.org> wrote:
> Maybe at some time you could just stop keeping on insisting on that
matter?
I thought this was just an oversight, but since this is intentional, it isn't. How can you possibly justify and continue such a flagrant misrepresentation?
"""
We handle all security problems brought to our attention and ensure that
they are corrected within a reasonable timeframe. Many advisories are
coordinated with other free software vendors and are published the same day
a vulnerability is made public and we also have a Security Audit team that
reviews the archive looking for new or unfixed security bugs.
"""
Half a year is not "within a day", or "a reasonable timeframe".
Mislabeling "critical" NVD ratings as "medium" fits the same pattern.
--
Sent with https://mailfence.com
Secure and private email
Reply to: