Hi,
On Sun, 6 Feb 2005 19:04:22 +0100 Joerg Mayer wrote:
...
What I find interesting is that in the latest security advisory, there's the passage
2) pending vulnerabilities, solutions, workarounds: - None.
How does this match with the wget problem? Is this an oversight or some misunderstanding in the interpretation of this message?
ciao Joerg
PS: I probably should have started my mail with this: You are doing a good job with the advisories and keeping us informed - it feels to me things have improved significantly since you took over (but there seems to be some room for improvement too, see above ;)
I also think that there were many improvements, and the general picture of SUSE's security strategy got much better. Really. At the same time I think the problem was mostly with that particular report http://www.novell.com/linux/security/advisories/2005_01_sr.html , where the thread-starting wget vulnerability was mentioned, but not described at all. If you look at the header info of that report, and compare that to its body, you will see what I mean. This can happen of course with all of us, but for me the strangest were also the few lines you quoted previously, as there would be no more pending vulns...
Best regards, Pelibali
PS. Independently of how this minor wget story ends, we should CONGRAT to Marcus and his team: e.g. for 9.1 there were 75 (!) YOU rpm-packages released in January 2005, if we don't count the duplicates... Nice job!