Any chance you know how they manage that? Surely not every package in the repos is supported for the entire 2-year cycle, so if a vuln comes out after a major refactor, it’s surely not easy to backport the patch.
There's some information here they've put out: https://www.debian.org/security/faq
And yeah, it must be an incredible amount of work to stay on top of all this.
They auto-import CVE feeds into the security tracker, file bugs for Debian maintainers to fix the issues, curate the tracking data, coordinate with upstreams and other distros to get fixes and so on. Some more on the team web page.
https://security-tracker.debian.org/ https://security-team.debian.org/