Debian Addresses Security Problems

An anonymous reader writes "After suffering manpower shortages and other issues, Debian says it has finally addressed concerns that it was falling behind on security. Debian's elected leader Branden Robinson yesterday flagged an inquiry into the processes by which security updates are released, citing a potential lack of transparency and communication failures. It was also an appropriate time to add new members to Debian's security team, as several have been inactive for a while, Robinson said. Debian initial security problems can be found in this earlier Slashdot posting."

Re:1000 developers?

[RAMMS+EIN]

Being able to write some software and produce packages is very different from doing security. Security is something that many, even in the developer community, don't understand, or don't understand completely. Having someone who isn't completely security savvy declare your program secure does not help you very much.

Plus, Debian likely requires a lot of security people compared to other distro's, because 1) they provide very many packages (I can't say for sure more than any other, but it's likely), and 2) they don't only fix things by upgrading packages in unstable to the latest version, but also backport fixes to the version in stable.

And in the meantime, the rest of the organization needs not to be forgotten. New packages are submitted all the time, people do like to see a new release within their lifetimes, questions have to be answered, (non-security) bugs need to be fixed, etc. etc. etc. Debian is just a huge project, and I'm impressed with how well it works.

What I really want...

[rbochan]

... to know is:

Why the hell are slashdotters trusting news about Debian from friggen zdnet? And a blog on zdnet to boot!

I mean... c'mon... it's zdnet... with about as much credibility as The Star.