• replacing misleading debian.org/security claims

    From max@21:1/5 to All on Thu Dec 30 10:10:03 2021
    Some statements on debian.org/security are inaccurate, and many people are misled by them.

    I propose replacing

    """
    Debian takes security very seriously. We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe.
    """

    with something more factual, like

    """
    Debian's security updates are created by volunteers working in their spare time. Some packages may receive more attention than others. To view the current list of known unfixed vulnerabilities see https://security-tracker.debian.org/tracker/status/
    release/stable
    """

    (Side note: It seems that NVD tends to assign "medium" severity to vulnerabilities initially, but upgrades them to "high" or "critical" later. However, Debian keeps showing the initial severity rating)

    --
    Sent with https://mailfence.com
    Secure and private email

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Silas Cutler@21:1/5 to max on Thu Dec 30 17:20:02 2021
    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --3OWvrB035ctv0ADNTxR6divMUiguRpABa
    Content-Type: multipart/mixed;
    boundary="------------0438489774F69E76BEC563F2"
    Content-Language: en-US

    This is a multi-part message in MIME format. --------------0438489774F69E76BEC563F2
    Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable

    Hi Max -

    (First time poster (?Maybe) / long time lurker).

    I think highlighting that Debian is supported by volunteers is important
    and providing up front a link to tracker is outstanding. The "we take security seriously" text is dated consistent with standard boiler-plate
    text.

    I'd also like to see information on both how to submit vulnerabilities
    as well as how to contribute to getting them fixed.

    Thanks,
    Silas




    On 12/28/21 1:46 PM, max wrote:
    Some statements on debian.org/security are inaccurate, and many people are misled by them.

    I propose replacing

    """
    Debian takes security very seriously. We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe.
    """

    with something more factual, like

    """
    Debian's security updates are created by volunteers working in their spare time. Some packages may receive more attention than others. To view the current list of known unfixed vulnerabilities see https://security-tracker.debian.org/tracker/status/
    release/stable
    """

    (Side note: It seems that NVD tends to assign "medium" severity to vulnerabilities initially, but upgrades them to "high" or "critical" later. However, Debian keeps showing the initial severity rating)


    --
    Silas Cutler (Silas@BlackLab.io)
    PGP Fingerprint (598A 812E FB8C BA19 69A5 D17A C14D A520 A02E 8CD6)

    --------------0438489774F69E76BEC563F2
    Content-Type: application/pgp-keys;
    name="OpenPGP_0xC14DA520A02E8CD6.asc"
    Content-Transfer-Encoding: quoted-printable
    Content-Description: OpenPGP public key
    Content-Disposition: attachment;
    filename="OpenPGP_0xC14DA520A02E8CD6.asc"

    -----BEGIN PGP PUBLIC KEY BLOCK-----

    xsFNBGFEKqABEADDjfE/P1R01pSmkSIcOxPPRvgcTB+NoZY47d+IVGMFAoN7TuQsVIbmeQ8RHDnM ziUiCrNuGHKIa3aFfoUN30Pt6PdVqdVvgDzAHHvlVegMn23CjgaHYQik0QEY8cK3rRonCZTN6zh2 32E5HESGV9+gu/A6MokAcjbC1vjqLZkLCVaVJgLtAxhdDR1sJIiuILWypgqdHr/YlfxG/3hUUqVs UqF/QjegFxhLQmoCAOybHDnU6ELwgAPjIpTi8qvS1DMuFkqpJbtYxCpak5VArrq0cdCKD5sdTur4 +vzfS4+ztJWWevzEgPHAyBYeChZVjI6yZliW+rBRhmflRtde/uWPPvZuBDJ1y3tznJpO2kts9UbY JLFN6EI7/0yPh7XLx4xF7wKOj6MHxSvDJ48XGlbKnHqViw2v0Hb8JLDW+6jaD2kuqJrf+RdqBu/W fsMUlVyB1KHeVxUa4o7bKyk935V51weFeArJt/EBBaORfx+zjZ0+L4L8GokvBqH5bBtzt7/rJzaX pzTi8Hbnyb/9V9O2Kyh2Pd1AvsAGY3vOXQ7V57rvqafJG
  • From Paul Wise@21:1/5 to Silas Cutler on Wed Jan 5 07:30:01 2022
    On Thu, 2021-12-30 at 11:04 -0500, Silas Cutler wrote:

    I'd also like to see information on both how to submit
    vulnerabilities as well as how to contribute to getting them fixed.

    These are addressed in the FAQ:

    https://www.debian.org/security/faq#discover https://www.debian.org/security/faq#help https://www.debian.org/security/faq#care

    They refer to the developers reference and security tracker docs:

    https://www.debian.org/doc/developers-reference/pkgs.html#bug-security https://security-tracker.debian.org/tracker/data/report

    --
    bye,
    pabs

    https://wiki.debian.org/PaulWise

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmHVOggACgkQMRa6Xp/6 aaNUsRAAt8+OsjWDslEsQTt4mmI3CLY9V8a8WjN2Mpe0Kr5n6OJKtZpo6hPyTTCZ V6boRlqourqnphDn2aX3sdSNTkRuNdeAr98Pu5PotfYGc68+wknflUE9dlr5CRNy HTe9SPtfv0Rh6WbLFHA/vvYnA6tyQhGEXlkTfSM8zLlcMKfT0rt1WtAXHmwMeiHs oVnr3B8bMtOuVx46mDNXQ6AWO1+d45fe34y+UpwUVbT4/Cz+lSRntrJ4BKBI/mF1 CyaJuaJAJI6I88vDyb0VlwNfwpUu6MIpo5VZHonGE27T9TzLgbEmk46oBfTTB6Tg 3IPpgSaOe+Yo1WSHgnCG6W1yvBvNH/wm4S11H0HgIAiLuTH91iNMMvx+/fnHCxs8 YdChRl6WNZSyCjkkbSTa4qGmLhjIIi4rUT4/o9YZuzd1RffbgXx6P0nEfrjO0u65 6PG0hlmD4mAk1raBrN2tqi/4OdJVA861eOGO/r8hMT0Oa4YMaHQZL+eVUDHrawCg 7Tuvh0u+KBlMaM5YJvg1gT3s39OMwgwRigjFEBYUljt5CaSeWvMSq14YSyQf8t2D 7LOGKSwa9TZMeCSoKHEbUkBdlbR1pwPcWQ4RAp12q8dbhA/0Du9a+jHDygDIpwBB 7FkEL8RAYArvVC1T0lJu08JKYKh+jp9JC5Sjlrh3K90DREe3A4s=
    =r5L0
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Paul Wise@21:1/5 to max on Wed Jan 5 07:30:01 2022
    On Tue, 2021-12-28 at 19:46 +0100, max wrote:

    Debian's security updates are created by volunteers working in their
    spare time. Some packages may receive more attention than others. To
    view the current list of known unfixed vulnerabilities see https://security-tracker.debian.org/tracker/status/release/stable

    This isn't entirely factual either. The LTS team is mostly composed of
    people being paid to contribute, with some volunteers. Some of the
    stable security team may also be paid, but there isn't any public
    information about who is paid and who they work for.

    https://wiki.debian.org/LTS/Team
    https://wiki.debian.org/LTS/Funding

    I suggest contacting the stable and LTS security teams to draft a
    statement that best represents the current and future reality of Debian security updates.

    https://www.debian.org/security/faq#contact https://wiki.debian.org/LTS#Get_in_contact
    https://wiki.debian.org/LTS/Contact

    (Side note: It seems that NVD tends to assign "medium" severity to vulnerabilities initially, but upgrades them to "high" or "critical"
    later. However, Debian keeps showing the initial severity rating)

    Please send a patch, issue or mail about that separately.

    --
    bye,
    pabs

    https://wiki.debian.org/PaulWise

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmHVOLsACgkQMRa6Xp/6 aaM/5Q/9Gi3rQf9kjlkglr+tHZUgvtUB6s0/dn/a6JkRjfy/ihTQi5E+dC/U/PgN zo2V7qyObkclx9Z+8D3gSJlrrNaPDpjUqGr0WXv635tKax81/ou/8aZrqCVAje/f Wnacx10mgGCcqaDbFdsZpKeJnnVXsEdulP6sIwsdpvVE3SWwP/GKdt4+IMQOc4Wu REWKRTTuQm4fZFp22e5AT0xgp0bG2tXB2cbVLfzifOdm7IglOfGrf7LAtcmI46ty 1UH5D/Ms3EZKGmYc/aBHM5YC8GwxIFXtM+xaHdjk69oJ/bIrfpA8ha74baT4U3mv 6HjGfWwTbqG/bd6BZFKzKw7i7JrRWusvE2ysqmBamR+GoOu3NAq33D8uSJjt3pIt 0/1SMYen0jvlEm2VpHqvsPMXSYA04Lt+ahKePS0oz+GrpRn8rJco4dTri/9zEteo ulPKA3Vyb0px57YFaQRvY4jz616r+CUf43lqzEU6/rgUnbATKelEPun0npeMfs+e WLJfLldJhNIanepJSppwy2ELzu9GHWjofGvmyks0IAE00xXQ2gNWBuHjgQxhn9Ch ZJs/l4g/r6G7UwNlge5xGHavUEczmOgtSu27CVcMhCv2oyIZFlL84x4o0HKZjq7w g4ejo1RfjJPPnWe2X+dyWLZm5tFQ8fye1w72HmYq12c5XRvxOS4=
    =B8lR
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From max@21:1/5 to pabs@debian.org on Mon Jan 10 02:00:02 2022
    January 5, 2022 7:20:46 AM CET Paul Wise <pabs@debian.org> wrote:

    Please send a patch, issue or mail about that separately.

    Please see below:


    The security tracker is listing incorrect NVD severity ratings. It looks like NVD tends to assign "medium" severity and later upgrades them, while Debian doesn't.

    For example, see

    https://security-tracker.debian.org/tracker/CVE-2021-30579 https://security-tracker.debian.org/tracker/CVE-2021-37973

    that show "medium" severity, but are actually rated "critical" and "high" by NVD.

    --
    Sent with https://mailfence.com
    Secure and private email

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From max@21:1/5 to pabs@debian.org on Mon Jan 10 01:50:01 2022
    (Added: CC: security@debian.org as requested. Please see the mailing list archive if you need context)

    January 5, 2022 7:20:46 AM CET Paul Wise <pabs@debian.org> wrote:

    This isn't entirely factual either.

    How about this (added "largely"):

    """
    Debian's security updates are largely created by volunteers working in their spare time. Some packages may receive more attention than others. To
    view the current list of known unfixed vulnerabilities see https://security-tracker.debian.org/tracker/status/release/stable
    """

    Please send a patch, issue or mail about that separately.

    OK

    --
    Sent with https://mailfence.com
    Secure and private email

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvatore Bonaccorso@21:1/5 to Paul Wise on Mon Jan 10 06:40:02 2022
    Hi,

    On Wed, Jan 05, 2022 at 02:20:46PM +0800, Paul Wise wrote:
    (Side note: It seems that NVD tends to assign "medium" severity to vulnerabilities initially, but upgrades them to "high" or "critical"
    later. However, Debian keeps showing the initial severity rating)

    Please send a patch, issue or mail about that separately.

    We are going to stop anyway at some point displaying the NVD severity,
    for context see #992115.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From max@21:1/5 to carnil@debian.org on Fri Jan 14 00:40:01 2022
    January 10, 2022 6:31:37 AM CET Salvatore Bonaccorso <carnil@debian.org> wrote:

    We are going to stop anyway at some point displaying the NVD severity, for context see #992115.

    As I see it, Debian should be free to display or not display NVD ratings, but it shouldn't display the incorrect "medium" NVD ratings, when they are actually much worse, as it's been doing. In fact, I think it should issue a public retraction.

    Any progress on my original proposal? Are the wheels in motion?

    https://lists.debian.org/debian-security/2021/12/msg00002.html https://lists.debian.org/debian-security/2022/01/msg00002.html

    I can't help but feel that it's a 15 second job for anyone with write access to the site, and the reprehensibility of the current claims should be obvious to those with a working moral compass.

    --
    Sent with https://mailfence.com
    Secure and private email

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Pierre-Elliott =?utf-8?Q?B=C3=A9cue@21:1/5 to maxwillb@mailfence.com on Fri Jan 14 23:50:02 2022
    max <maxwillb@mailfence.com> wrote on 14/01/2022 at 00:38:44+0100:

    January 10, 2022 6:31:37 AM CET Salvatore Bonaccorso <carnil@debian.org> wrote:

    We are going to stop anyway at some point displaying the NVD severity, for context see #992115.

    As I see it, Debian should be free to display or not display NVD
    ratings, but it shouldn't display the incorrect "medium" NVD ratings,
    when they are actually much worse, as it's been doing. In fact, I
    think it should issue a public retraction.

    Any progress on my original proposal? Are the wheels in motion?

    https://lists.debian.org/debian-security/2021/12/msg00002.html https://lists.debian.org/debian-security/2022/01/msg00002.html

    I can't help but feel that it's a 15 second job for anyone with write
    access to the site, and the reprehensibility of the current claims
    should be obvious to those with a working moral compass.

    Maybe at some time you could just stop keeping on insisting on that
    matter?

    Regards,
    --
    PEB

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Robert Ricardo Ikaka@21:1/5 to All on Sat Jan 15 04:30:02 2022
    https://chng.it/jJvMChbdsJ

    сб, 15 янв. 2022 г., 01:45 Pierre-Elliott Bécue <peb@debian.org>:


    max <maxwillb@mailfence.com> wrote on 14/01/2022 at 00:38:44+0100:

    January 10, 2022 6:31:37 AM CET Salvatore Bonaccorso <carnil@debian.org>
    wrote:

    We are going to stop anyway at some point displaying the NVD severity,
    for context see #992115.

    As I see it, Debian should be free to display or not display NVD
    ratings, but it shouldn't display the incorrect "medium" NVD ratings,
    when they are actually much worse, as it's been doing. In fact, I
    think it should issue a public retraction.

    Any progress on my original proposal? Are the wheels in motion?

    https://lists.debian.org/debian-security/2021/12/msg00002.html https://lists.debian.org/debian-security/2022/01/msg00002.html

    I can't help but feel that it's a 15 second job for anyone with write access to the site, and the reprehensibility of the current claims
    should be obvious to those with a working moral compass.

    Maybe at some time you could just stop keeping on insisting on that
    matter?

    Regards,
    --
    PEB



    <div dir="auto"><a href="https://chng.it/jJvMChbdsJ">https://chng.it/jJvMChbdsJ</a></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">сб, 15 янв. 2022 г., 01:45 Pierre-Elliott Bécue &lt;<a href="mailto:peb@debian.org">peb@debian.
    org</a>&gt;:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
    max  &lt;<a href="mailto:maxwillb@mailfence.com" target="_blank" rel="noreferrer">maxwillb@mailfence.com</a>&gt; wrote on 14/01/2022 at 00:38:44+0100:<br>

    &gt; January 10, 2022 6:31:37 AM CET Salvatore Bonaccorso &lt;<a href="mailto:carnil@debian.org" target="_blank" rel="noreferrer">carnil@debian.org</a>&gt; wrote:<br>
    &gt;<br>
    &gt;&gt; We are going to stop anyway at some point displaying the NVD severity, for context see #992115.<br>
    &gt;<br>
    &gt; As I see it, Debian should be free to display or not display NVD<br>
    &gt; ratings, but it shouldn&#39;t display the incorrect &quot;medium&quot; NVD ratings,<br>
    &gt; when they are actually much worse, as it&#39;s been doing. In fact, I<br> &gt; think it should issue a public retraction.<br>
    &gt;<br>
    &gt; Any progress on my original proposal? Are the wheels in motion?<br> &gt;<br>
    &gt; <a href="https://lists.debian.org/debian-security/2021/12/msg00002.html" rel="noreferrer noreferrer" target="_blank">https://lists.debian.org/debian-security/2021/12/msg00002.html</a><br>
    &gt; <a href="https://lists.debian.org/debian-security/2022/01/msg00002.html" rel="noreferrer noreferrer" target="_blank">https://lists.debian.org/debian-security/2022/01/msg00002.html</a><br>
    &gt;<br>
    &gt; I can&#39;t help but feel that it&#39;s a 15 second job for anyone with write<br>
    &gt; access to the site, and the reprehensibility of the current claims<br> &gt; should be obvious to those with a working moral compass.<br>

    Maybe at some time you could just stop keeping on insisting on that<br> matter?<br>

    Regards,<br>
    -- <br>
    PEB<br>

    </blockquote></div>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From max@21:1/5 to peb@debian.org on Tue Jan 18 05:50:02 2022
    January 14, 2022 11:44:39 PM CET "Pierre-Elliott Bécue" <peb@debian.org> wrote:

    Maybe at some time you could just stop keeping on insisting on that
    matter?

    I thought this was just an oversight, but since this is intentional, it isn't. How can you possibly justify and continue such a flagrant misrepresentation?


    """
    We handle all security problems brought to our attention and ensure that
    they are corrected within a reasonable timeframe. Many advisories are coordinated with other free software vendors and are published the same day
    a vulnerability is made public and we also have a Security Audit team that reviews the archive looking for new or unfixed security bugs.
    """


    Half a year is not "within a day", or "a reasonable timeframe".

    Mislabeling "critical" NVD ratings as "medium" fits the same pattern.

    --
    Sent with https://mailfence.com
    Secure and private email

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Pierre-Elliott =?utf-8?Q?B=C3=A9cue@21:1/5 to maxwillb@mailfence.com on Tue Jan 18 23:40:02 2022
    max <maxwillb@mailfence.com> wrote on 18/01/2022 at 05:46:10+0100:

    January 14, 2022 11:44:39 PM CET "Pierre-Elliott Bécue" <peb@debian.org> wrote:

    Maybe at some time you could just stop keeping on insisting on that
    matter?

    I thought this was just an oversight, but since this is intentional,
    it isn't. How can you possibly justify and continue such a flagrant misrepresentation?


    """
    We handle all security problems brought to our attention and ensure that
    they are corrected within a reasonable timeframe. Many advisories are coordinated with other free software vendors and are published the same day a vulnerability is made public and we also have a Security Audit team that reviews the archive looking for new or unfixed security bugs.
    """


    Half a year is not "within a day", or "a reasonable timeframe".

    Mislabeling "critical" NVD ratings as "medium" fits the same pattern.

    Your behaviour could be seen as aggressive.

    If you keep going on, there is a high chance that everybody will start
    ignoring you, or, if you keep being pushy, ask that you are temporarily prevented to mail debian lists.

    You'll therefore not obtain the expected result, and people will start
    ignoring you.

    You got a reply from Salvatore and this is quite enough for now.

    --
    PEB

    --=-=-Content-Type: application/pgp-signature; name="signature.asc"

    -----BEGIN PGP SIGNATURE-----

    iQJDBAEBCgAtFiEESYqTBWsFJgT6y8ijKb+g0HkpCsoFAmHnQPMPHHBlYkBkZWJp YW4ub3JnAAoJECm/oNB5KQrKoncP/31BojIBZBDXRxo+DPmoHCGDMcByy99ifEjx Jr5hYZzjsO4HXzfIR9A81cTEh3t9ilfQb3A2f6Dx4B7+MwXLnu0YPuO90CUZ6KMO 2jpbGBrhK0OmCbm5il+vUuyxKFJbxjgTmikQQKYOEay/UUlGllIx1xiCBE/0YU+J YMaURfPLLz570vtIWtTi5t1XPlnTT7bCqpMikWg6sST/TqIIEXYmeLIpnmYe3mFz k0LyuN2p+zUfE0gi+CoQQX0Dx80LUZlWYHrr1hZZqzowDkXLo5GbXTYXm0mhnQmi 1nN46/iZE9qeACiP/85fMDNNgz1w/CeHxsEL8Yl0NucDwoa2wtWBFBrN9bFLCpaL rw6IlNJCvxX9IYbgAEG23pbqjjbwMV/9W1NddDEzPh46H6QkE/9jYFVG6dPbRyqL KGJhYKsM1q9Bz47s+0PY0aBsDRFBzHaNC2xq4VCVWcRjDZX6KVbpIhbOWkVPhRMM 3ze/JAnVQ9rajEdKgXR9ANh2NZ3ghvxh5mFYwFqRjjvvJsPaYsfQ8ssaG2p4mq5J bAVXVTl7VqOMPZwKTGT7cbABcB55DjVRfNsTbNWW6vb4K1VRqjk+HpXg6mPAp0kD WoOxzawYXzsMgrxLzqHR1H3ne/VTOdJnIQ4Vpey5D2pWJdbXz7r6yIG+0T1+MVrw
    PhRWtA5I
    =3+Kl
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From max@21:1/5 to peb@debian.org on Thu Jan 20 23:00:02 2022
    January 18, 2022 11:28:48 PM CET "Pierre-Elliott Bécue" <peb@debian.org> wrote:

    if you keep being pushy, ask that you are temporarily prevented to mail debian lists

    You didn't actually reply to my question addressed to you. All you did was publicly threaten me (and thus anyone else who might be interested in discussing this issue) with a ban. That's some shameful stuff.

    And yes, if it looks like I stopped posting, it means that I was banned.

    --
    Sent with https://mailfence.com
    Secure and private email

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From RP@21:1/5 to max on Fri Jan 21 02:20:01 2022
    I

    On 1/20/22 13:51, max wrote:
    January 18, 2022 11:28:48 PM CET "Pierre-Elliott Bécue" <peb@debian.org> wrote:

    if you keep being pushy, ask that you are temporarily prevented to mail debian lists
    You didn't actually reply to my question addressed to you. All you did was publicly threaten me (and thus anyone else who might be interested in discussing this issue) with a ban. That's some shameful stuff.

    And yes, if it looks like I stopped posting, it means that I was banned.
    If you want things changed, you gotta do the work.  Be a developer, join
    the group and then vote.  Anything else is just annoying.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Pierre-Elliott =?utf-8?Q?B=C3=A9cue@21:1/5 to maxwillb@mailfence.com on Fri Jan 21 12:00:01 2022
    max <maxwillb@mailfence.com> wrote on 20/01/2022 at 22:51:24+0100:

    January 18, 2022 11:28:48 PM CET "Pierre-Elliott Bécue" <peb@debian.org> wrote:

    if you keep being pushy, ask that you are temporarily prevented to
    mail debian lists

    You didn't actually reply to my question addressed to you.

    That's true. The reason is that I have no intent to reply to your
    question addressed to me.

    Essentially because of your behaviour, but also because I am not part of
    the Security Team.

    All you did was publicly threaten me […] with a ban.

    I also told you that your actions could be perceived as aggressive (and
    the more things go on, the more I'm convinced that it could be more than
    a subjective feeling), but it seems you decided to ignore that point.

    (and thus anyone else who might be interested in discussing this
    issue)

    Where I live, we usually call this kind of reasoning a sophism. I don't
    think that I need to elaborate on this.

    That's some shameful stuff.

    Thanks for sharing your opinion on this. In order to spare both of us
    some time, let's agree to disagree.

    And yes, if it looks like I stopped posting, it means that I was banned.

    If that were to happen, then it would mean a listmaster read what you
    said and considered your behaviour was against the Debian Lists
    Policy/Code of Conduct/Standard (call it whatever you like), and
    therefore it would be quite normal.

    Instead of grinding some axe for an unknown reason, and being semi
    spamming about that topic (which is quite unimportant, to be fair) for
    the last month, feel free to contribute, or, if you don't want to, then
    go do something else.

    Apart from being annoying, you are achieving nothing here, and we all
    have better things to do.

    Regards,

    --
    Pierre-Elliott Bécue

    --=-=-Content-Type: application/pgp-signature; name="signature.asc"

    -----BEGIN PGP SIGNATURE-----

    iQJDBAEBCgAtFiEESYqTBWsFJgT6y8ijKb+g0HkpCsoFAmHqkSkPHHBlYkBkZWJp YW4ub3JnAAoJECm/oNB5KQrKm/AP/2/v8ZquJHrTV4Fk8ceJVO8llp5Q5/TB7NIy 8ui6CfgkPeE2EdQ1Ur5Wa+CRnEpekS2b+3M91H4tNRHGRnGFzAwVMCCJdCoUPBzS hVToDc+guORR91Z9X5szI3wT87sByunyYuFTMRfZIJV/8uU0zRqbS8PO8mhJDDCl B86mBrlgn/CguJNkaQN/0Bor8rbVLreoLA+vPGljZFTamx2hs46cbN6/yafhL8oH n5BvuOtFxmxHpkqTyNJO10YFrFRDhIRc8VALlQZy87+m7Yt6T4FxAFGO7f/A1/xd viKTT0o8CAqrdUfEx9wg0qg+fxjSERnXl6kP7HMQBrE8XdoiZBjuUj0b1uOkRYG0 K+BQ6yFMm+5HXU14Xzi4pRccbVqBcoQDpEC6/JR278nquJAk2/A9bvSrfKLUXpfF 5vUARcK9U1qDcesKxaCFjudgu46WYcqxe1GlouyN+eLfkgHgGoLFTOmSW3mBsJDL +b8gDTMide9g6/qhyCv1nemKKK9IhUqCYezWjYQbB1Tn/JSkabbAJQUugqjcfIfE o68JoV+sUgdH8qkVa6MetbhiakNgMTdeiAoADvS1sMN4KDdPgb5h0qg4M+zbbsiV chsPPxFU45UMy7FcyyIqjpUN+/pM7F3qyHtIP1K/K8BxtYiaq4ITGI9Bir2Rji9r
    eyuUQzKO
    =s8JE
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet