There's not much we really can do to prepare since we're unlikely toOn 05/06/14 05:36 PM, Allan McRae wrote:
> On 06/06/14 05:14, Mark Lee wrote:
>> To All,
>>
>> There are several linux-distro subscription requests on the oss-security
>> mailing list, and some bugs are disclosed first on that mailing list. I
>> just want to be sure that Arch Linux is getting this expedited
>> notification of bugs. Are you still on it Allan?
>>
>
> Yes - I pass on the worst (or at least let people know the public
> release dates if not the details).
>
> A
have anything to backport. The work to backport to the stable release
will already be done for anything important enough to go through an
embargo. A restriction on disclosure for 7 days just means we'll get the
fix 7 days later.
The important issue here is that there needs to be enough interest in
security by developers and trusted users to prioritize these package
upgrades even if it's not a package they maintain, because the
maintainer might not be around.