[arch-general] Arch Linux and security - it needs some work

Robert Howard rjh0507 at ecu.edu
Wed Feb 3 02:26:57 EST 2010


I suppose my problem with all the Arch security/insecurity talk is that it
assumes that Arch users are not more than capable of reading lists and
discovering bug and holes in software that we use daily. I don't think there
has ever been an issue with an Arch package that wasn't fixed as soon as
upstream made a fix available. We can't expect our small community to fix
upstream bugs and issues. Moreover, the effort should be spent on addressing
distribution specific shortcomings. Just my two cents.

On Feb 1, 2010 5:56 PM, "Pierre Chapuis" <catwell at archlinux.us> wrote:

Le Mon, 1 Feb 2010 22:21:03 +0100,
Heiko Baums <lists at baums-on-web.de> a écrit :


> If a security bug is found it should be filed to and fixed by upstream
> anyway.
This is true, except sometimes upstream patching can take a while and
it would be a good idea to warn users about the problem in the meantime
so that they can take temporary measures. If there's a single thing
that I miss about Arch security, it's Arch Sheriff : it basically did
that. Maybe people who want to do something about security could begin
with resurrecting it.

--
catwell


More information about the arch-general mailing list