[arch-general] Important notice on the Arch Security Team to the whole Arch Linux community.
Ananda Samaddar
ananda at samaddar.co.uk
Tue Jun 22 09:37:45 EDT 2010
On Tue, 22 Jun 2010 13:16:23 +1000
"Allan McRae" <allan at archlinux.org> wrote:
>
> The point is that the developers around here already patch for
> security issues. The only change that I think that a security team
> will achieve is to notify me (as a developer) of issues that I have
> overlooked on the upstream mailing lists and file a bug report. It
> is a bonus if the issue is pre-analyzed for me and all relevant links
> supplied so I can assess it quickly myself and release a fixed
> package if I deem that being suitable.
>
> Allan
This is exactly what we plan to do, with the addition of providing
interim PKGBUILDs (with a disclaimer that they are unofficial) and
announcements when a security related bug is fixed by a package update.
Such interim PKGBUILDs would be peer-reviewed by the Security Team and
submitted with the relevant bug report to aid the package maintainer. I
can't see how this is not useful. It will also lighten the workloads
of the devs and package maintainers.
Ananda
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20100622/32b37ac0/attachment.bin>
More information about the arch-general
mailing list