2 Apr
2022
2 Apr
'22
9:14 p.m.
On Sat, Apr 02, 2022 at 08:16:33PM +0200, kiasoc5--- via arch-general wrote:
The arch-security mailing list has not sent anything since December 2021. How come? Have there been 0 security fixes in packages? Is the security team busy? Something else? Just curious, thanks.
Yo, There has been several CVEs registered in the tracker but no advisory work has been done since December. This is mostly because of security team burnout and the tedious work that CVE tracking entails. Getting some form of automatic CVE ignestion to the point where we don't need to deal with the manuel work it currently is would be great, but that requires a fair bit of work sadly :/ -- Morten Linderud PGP: 9C02FF419FECBE16