[arch-general] Arch Linux security is still poor....
Magnus Therning
magnus at therning.org
Mon Mar 15 23:18:52 CET 2010
On 15/03/10 22:03, Ananda Samaddar wrote:
> On Mon, 15 Mar 2010 14:56:32 -0700
> Thayer Williams <thayerw at gmail.com> wrote:
>>
>> No offence taken and FWIW a lot of people switch distros because of
>> one or two fundamental needs that aren't meant. This wouldn't be any
>> different.
>>
>> Look forward to hearing what you have to say...
>
> I'd like to help get things moving before I give up on Arch. It's too
> good a distro not to.
>
> I've been having a look at the Gentoo security policy here:
>
> http://www.gentoo.org/security/en/vulnerability-policy.xml
>
> It looks like a pretty good template we could adapt to our needs. The
> document in that link is licensed under a Creative Commons attribution
> licence. It mirrors a lot of the things I was going to suggest too.
After a quick look at it I don't see much that would apply though. Arch
doesn't have releases. Arch follows upstream releases very closes (in some
cases even too closely ;-)
So, if there is no need for backporting to a set of packages that has been
blessed into a supported release, what is left to do for a dedicated security
team?
/M
--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org Jabber: magnus@therning.org
http://therning.org/magnus identi.ca|twitter: magthe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20100315/17020dfa/attachment.bin>
More information about the arch-general
mailing list