Author: Florian Weimer
Date:
To: David Woodhouse
CC: exim-dev, Alex Kiernan, Jaco van der Schyff, Nigel Metheringham
Subject: Re: [exim-dev] Development blockage...

* David Woodhouse:
> I'm sure that those who maintain the Exim package in Linux (and other
> OS) distributions will also step up where necessary. I certainly
> expect to.

Debian will code security fixes on their own if necessary, provided that
they don't involve conceptual changes (to cope with protocol bugs, for
instance).

The main question I see from a security POV is if there is
infrastructure in place for coordinated disclosures of security
vulnerabilities. Even if it doesn't make a difference in practice, it's
usually a good idea to have official patches ready when a security
vulnerability is disclosed, and you need to prepare some infrastructure
(at the very least, a well-published mail alias with real people
acknowledging reports in a timely manner).