In my opinion I don't feel like we are urged to have a separate list as most of the time the topics blur the line and splitting it does not provide much benefit.
Distributions tend to have own security lists so that people can receive security related stuff, only. To me there is simply too much irrelevant traffic with regards to security related topics on the arch-general list. Getting posts about imminent and potential security risks from many different sides is f.i. something I still estimate about the Debian security list very much. Besides the fact that many people from the security list previously also open for discussion will not participate in a discussion here I wanna say that I would still estimate an own list for security discussion if not achieving the current security list to be opened up for posts from various sides again. If you do not want any discussion there simply rename this list from "Discussion about security issues in Arch" into "Security Announcements for Arch". Then it will be clear to everyone that this list is not for posing security related questions or just having a discussion. Am 2016-01-28 um 17:29 schrieb Levente Polyak:
On 01/28/2016 04:29 PM, Elmar Stellnberger wrote:
P.S. Slightly off-topic: my sincerest gratitude to everyone behind the security announcements! You're doing a great job, and this is not just empty words.
Thank you very much, that is appreciated and makes us happy... however to be pedantic: Most of the work needs to be done before any announcements, that is just the (smallest) final step:)
No doubt, the Arch as well as other indipendent security teams are currently doing a great job! It needs to be said twice. Nonetheless there are two things that should be mentioned: First of all if there is something that I keep estimating most about the many Open Source communities then it is people always being open for contribution, input and discussion from various sides. Secondly we can not suggest to people that they are in a safe place just because they are using up to date OSS software by the time. Many serious and dire security vulnerabilities (leading f.i. to arbitrary code execution or privilege escalation) have recently been closed not just in the Chrome and Firefox browser but there may very likely be further issues; i.e. keep your work going, I just wanna see a more secure OSS environment for the future! Elmar