On Tue, 16 Mar 2010 07:29:45 +1000 Allan McRae <allan@archlinux.org> wrote:
As an aside, I would like to see some numbers on where we could improve in this area. I have been following the CVE announcements and several other distros' security releases for the past few months and from what I see, I believe Arch is mostly ahead of the game. Following the latest upstream releases has its advantages.
Allan
This may be true in the sense that by using the latest packages we are incorporating security fixes as they are released by default. I take issue with the fact that there's no dedicated team and nothing in place to deal with security alerts. The other issue being the lack of signed packages. I don't know how much of a problem this is for other Arch users. Would there be any enthusiasm for a dedicated security team? I feel strongly enough about it that if something can't be done then I'm switching to another distro. Despite the fact that I really like Arch, its one deficiency is a pretty glaring one in my opinion. I hope this doesn't turn into a flamefest and my opinions are by no means meant to be a slight on the Arch devs or community.
Ananda