From: J Busser
Subject: [Gnumed-devel] Re: hherb.com reborn
Date: Mon, 29 Nov 2004 10:04:34 -0800
At 7:19 AM +0100 11/29/04, Andreas Tille wrote:
b) Just building a Debian package does not make software secure by default.
You'll hopefully excuse any ignorance, I (maybe) misinterpreted from a prior email that packaging within Debian would bring with it some orderliness that enhances/assists security, i.e. that advantages to a Debian package include *some* security benefits (even if only indirect), maybe that is wrong.
c) A good sign for having people who care for the security of a package is only if a package belongs to the Debian *stable* distribution. The unstable distribution is no target of the Debian security team (which does not mean that single maintainers wouldn't care for the security of their packages in unstable - but there is just no guarantee).
I suppose there may be no guarantee either way, it is just that the Debian security team *commits/tries* to be responsible, and responsive, to security issues for the packages that are in stable...
Does this also mean that a medical practice, using real patient data to provide real care, should always stick with "stable" --- or perhaps --- that if the practice moves up to "testing", they need some confidence that security issues for the kernel, and for any packages *used by that practice*, will be closely and actively watched/managed, by people *other than* the Debian security team?