On 15/03/10 22:03, Ananda Samaddar wrote:
On Mon, 15 Mar 2010 14:56:32 -0700 Thayer Williams <thayerw@gmail.com> wrote:
No offence taken and FWIW a lot of people switch distros because of one or two fundamental needs that aren't meant. This wouldn't be any different.
Look forward to hearing what you have to say...
I'd like to help get things moving before I give up on Arch. It's too good a distro not to.
I've been having a look at the Gentoo security policy here:
http://www.gentoo.org/security/en/vulnerability-policy.xml
It looks like a pretty good template we could adapt to our needs. The document in that link is licensed under a Creative Commons attribution licence. It mirrors a lot of the things I was going to suggest too.
After a quick look at it I don't see much that would apply though. Arch doesn't have releases. Arch follows upstream releases very closes (in some cases even too closely ;-) So, if there is no need for backporting to a set of packages that has been blessed into a supported release, what is left to do for a dedicated security team? /M -- Magnus Therning (OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe