Distrowatch Weekly and ZDNet take a critical look at the security issues surrounding the latest release of Debian GNU/Linux.
Have a look here:
Well, it turns out that the Debian sarge security infrastructure is broken and has been broken since the release of sarge…
It looks like a major upheaval in the security infrastructure of Debian is needed to ensure that the current situation does not happen again. But can it be done? Can a rather boring and thankless task of applying patches and releasing advisories be made more attractive and rewarding? Not easily. But it must be done – before Debian's reputation is further tarnished by more sloppy security work.
And from ZDNet:
Lack of manpower also appears to be adding to Debian's security woes. Michael Stone, another member of Debian's security team, expressed his frustration to the organisation's security e-mail mailing list in mid-June, saying there was no effective tracking of security problems.