[Pkg-samba-maint] Bug#568493: Bug#568493: Bug#568493: samba: zero-day remote access exploit
Michael Gilbert
michael.s.gilbert at gmail.com
Sat Feb 6 15:56:10 UTC 2010
On Sat, 6 Feb 2010 16:50:44 +0100 Christian PERRIER wrote:
> Quoting Michael Gilbert (michael.s.gilbert at gmail.com):
>
> > if i see an active exploit on one of the lists i'm following, then i am
> > going to report it (after all, does't "Debian does not hide problems"?);
>
> Not hiding problems is not reproducing all bug reported upstream in
> our BTS. Apart from bringing yet more load on the maintainers'
> shoulders, on should ponder the real benefit of bug reports.
>
> This is not meant to say you're not right to report but waiting for
> the discussion with upstream to settle down before reporting is
> certainly as helpful as reporting early.
i must respectfully disagree. when it comes to security issues, time
is of the essence. every minute that there is no fix is another minute
that debian's users are vulnerable. hence, getting maintainers
involved as soon as possible should (if the motivation is there)
increase the rate at which the problem is solved.
for normal issues, yes, timeliness is not so much of a concern.
mike
More information about the Pkg-samba-maint
mailing list