12 Jun
2014
12 Jun
'14
9:23 a.m.
On 05/06/14 11:23 PM, Mark Lee wrote:
To All,
There is an Arch security team, but they don't necessarily have developer access. The strategy is to current report to the arch-security mailing list and file a bug report. I'd just like to know if security issues that are reported are already fixed (since there is a delay for non-distro subscribing lists). Could developers file any security changes they make in the arch-security mailing list as well then?
Regards, Mark
The delay can't be used to fix the packages early. It's only for preparing an upgrade to push when the embargo expires, and in most cases the packager is going to fix it by upgrading rather than doing a backport.