[arch-general] No arch-security emails for 3 months
The arch-security mailing list has not sent anything since December 2021. How come? Have there been 0 security fixes in packages? Is the security team busy? Something else? Just curious, thanks.
On Sat, Apr 02, 2022 at 08:16:33PM +0200, kiasoc5--- via arch-general wrote:
The arch-security mailing list has not sent anything since December 2021. How come? Have there been 0 security fixes in packages? Is the security team busy? Something else? Just curious, thanks.
Yo, There has been several CVEs registered in the tracker but no advisory work has been done since December. This is mostly because of security team burnout and the tedious work that CVE tracking entails. Getting some form of automatic CVE ignestion to the point where we don't need to deal with the manuel work it currently is would be great, but that requires a fair bit of work sadly :/ -- Morten Linderud PGP: 9C02FF419FECBE16
I noticed the same thing and had the same question On 4/2/22 17:14, Morten Linderud via arch-general wrote:
On Sat, Apr 02, 2022 at 08:16:33PM +0200, kiasoc5--- via arch-general wrote:
The arch-security mailing list has not sent anything since December 2021. How come? Have there been 0 security fixes in packages? Is the security team busy? Something else? Just curious, thanks.
Yo,
There has been several CVEs registered in the tracker but no advisory work has been done since December. This is mostly because of security team burnout and the tedious work that CVE tracking entails.
Getting some form of automatic CVE ignestion to the point where we don't need to deal with the manuel work it currently is would be great, but that requires a fair bit of work sadly :/
Apr 2, 2022, 21:28 by arch-general@lists.archlinux.org:
I noticed the same thing and had the same question
On 4/2/22 17:14, Morten Linderud via arch-general wrote:
On Sat, Apr 02, 2022 at 08:16:33PM +0200, kiasoc5--- via arch-general wrote:
The arch-security mailing list has not sent anything since December 2021. How come? Have there been 0 security fixes in packages? Is the security team busy? Something else? Just curious, thanks.
Yo,
There has been several CVEs registered in the tracker but no advisory work has been done since December. This is mostly because of security team burnout and the tedious work that CVE tracking entails.
Sorry to hear. Thanks for at least keeping the tracker updated. I'm guessing that's why arch-audit has not informed me of any security updates recently.
Getting some form of automatic CVE ignestion to the point where we don't need to deal with the manuel work it currently is would be great, but that requires a fair bit of work sadly :/
participants (3)
-
amw
-
kiasoc5@tutanota.com
-
Morten Linderud