It has been a long ride since our first Arch Linux Security Advisory released in September 2014 [0], but we are proudly announcing our 1000th published advisory [1]. In early days, the user RbN started some efforts [2] to track issues in the ArchWiki. The journey of our team began with a call for help by our long-time developer Allan McRae [3], which -- as a joint effort of Remi Gacogne (rgacogne) and Levente Polyak (anthraxx) [4] -- lead to the founding of the structured effort known today as the Arch Linux Security Team.

Without doubt the work and analysis is challenging and the overall workload massive. During our ongoing journey we have grown quite a lot and are happy to welcome Christian Rebischke (shibumi), Jelle van der Waa (jelle), Santiago Torres (sangy), Morten Linderud (Foxboron), Andrea Denisse Gómez (denisse) and Jonas Witschel (diabonas) to our team. Together we are able to offer a strong and successful security team that is continuously expanding and re-evaluating capacities to cover a broader area of our distro.

In December 2016 during the annual Chaos Communication Congress, we released our central security tracker [5] to streamline our vulnerability tracking and mitigation workflow. The tracker replaces the ArchWiki page which was used previously for this purpose. For further details on our adventure, we would like to invite you to watch the Arch Conf 2020 talk "Rolling your own security team for fun and no profit at all" [6].

Because a healthy team is not just about technology, but also about the people behind it, we have met in a Jitsi video conference to celebrate this awesome achievement and to chink glasses :-)

Sincerely, Your Security Team

[0] https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.ht... [1] https://lists.archlinux.org/pipermail/arch-security/2021-January/001719.html [2] https://lists.archlinux.org/pipermail/arch-security/2014-March/000012.html [3] https://lists.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html [4] https://lists.archlinux.org/pipermail/arch-security/2014-September/000098.ht... [5] https://security.archlinux.org [6] https://media.ccc.de/v/arch-conf-online-2020-6394-rolling-your-own-security-...