On 01/28/2016 04:29 PM, Elmar Stellnberger wrote:
Now there are different opinions about this: Some people certainly estimate comments, questions and discussion about security issues which do not solely pertain to updates of packages for already known security issues. Allowing discussion about potential security risks is also an important issue though certain package maintainers and arch-security personnel may feel discomforted about such discussions. Nonetheless I would believe such discussion to be worthwhile and important.
first at all: please follow the general Arch Linux mailinlist rules and always bottom-post. Also I would like to state that you still have the possibility to do so, you can safely discuss anything Arch Linux related (which includes security) on arch-general. That is (and was) already done in the history, most recent threads f.e.: "AppArmor on linux-grsec" [0], "pacman signature verification" [1], "SELinux on Arch" [2]... In my opinion I don't feel like we are urged to have a separate list as most of the time the topics blur the line and splitting it does not provide much benefit. On 01/28/2016 04:29 PM, Elmar Stellnberger wrote:
P.S. Slightly off-topic: my sincerest gratitude to everyone behind the security announcements! You're doing a great job, and this is not just empty words.
Thank you very much, that is appreciated and makes us happy... however to be pedantic: Most of the work needs to be done before any announcements, that is just the (smallest) final step :) cheers, Levente [0] https://lists.archlinux.org/pipermail/arch-general/2016-January/040516.html [1] https://lists.archlinux.org/pipermail/arch-general/2016-January/040505.html [2] https://lists.archlinux.org/pipermail/arch-general/2016-January/040479.html