[arch-general] Arch Linux security is still poor....

Ananda Samaddar ananda at samaddar.co.uk
Mon Mar 15 22:43:56 CET 2010


On Tue, 16 Mar 2010 07:29:45 +1000
Allan McRae <allan at archlinux.org> wrote:
> 
> As an aside, I would like to see some numbers on where we could
> improve in this area.  I have been following the CVE announcements
> and several other distros security releases for the past few months
> and from what I see, I believe Arch is mostly ahead of the game.
> Following the latest upstream releases has its advantages.
> 
> Allan
> 

This may be true in the sense that by using the latest packages we are
incorporating security fixes as they are released by default.  I take
issue with the fact that there's no dedicated team and nothing in place
to deal with security alerts.  The other issue being the lack of signed
packages.  I don't know how much of a problem this is for other Arch
users.  

Would there be any enthusiasm for a dedicated security team?  I feel
strongly enough about it that if something can't be done then I'm
switching to another distro. Despite the fact that I really like Arch,
it's one deficiency is a pretty glaring one in my opinion.  I hope this
doesn't turn into a flamefest and my opinions are by no means meant to
be a slight on the Arch devs or community.

Ananda


More information about the arch-general mailing list