Re: Security Audit

Michael Alan Dorman (mdorman-linux-kernel@debian.org)
Mon, 22 Jun 1998 14:49:27 -0400


On Mon, Jun 22, 1998 at 07:32:50PM +0100, Alan Cox wrote:
> > > We just tell Alan, and he tells RedHat :)
> >
> > I hope all of the stuff is getting to everyone actually.
> >
> > I'm a bit concerned that while it's certainly great for the Red Hat and Debian
> > distributions to get these security bug fixes, it is very important that they
> > make it back to the original packages, wherever they came from, and that new
> > versions of those packages are released, so that the entire community using the
> > packages receives the benefit.
>
> Every package I've fixed or merged diffs into for Red Hat they have gone
> to the maintainer if there is one. Often there isn't. Metamail has no maintainer
> and the nmh maintainers didn't seem at all interested in the holes in nmh. It
> varies. They _are_ going back however.
>
> I believe the Debian policy is identical on this issue

It is. We always try to pass fixes upstream.

I still agree with Leonard that it would be nice if there was some sort of
distribution-neutral patch repository, where people could put things so
others might use them without having to grovel through RedHat's SRPMS or
Debian's .diff.gz files. It might also facilitate cross-pollination between
RedHat and Debian as well.

Perhaps this is something that freshmeat could be enhanced to handle...

Mike.
