[arch-general] Arch Linux security is still poor....
Magnus Therning
magnus at therning.org
Mon Mar 15 23:42:59 CET 2010
On 15/03/10 22:34, Xavier Chantry wrote:
> On Mon, Mar 15, 2010 at 11:18 PM, Magnus Therning <magnus at therning.org> wrote:
>> After a quick look at it I don't see much that would apply though. Arch
>> doesn't have releases. Arch follows upstream releases very closes (in some
>> cases even too closely ;-)
>>
>> So, if there is no need for backporting to a set of packages that has been
>> blessed into a supported release, what is left to do for a dedicated security
>> team?
>>
>
> 1) what allan said :
> A group could monitor security issues and file bugs to get the devs to
> fix them.
Is there any evidence that this is actually needed?
My impression is that maintainers already are monitoring upstream releases.
When they are lagging, there are users who mark things out-of-date. The
occasional non-maintainer upload doesn't seem to warrant a dedicated team.
> 2) resume and finish the gpg work for pacman & friends
Sure, that is worth doing. Is it really a task for a dedicated security team?
It sounds more like a one-time thing for a group of developers.
Please do note that I'm more than willing to be convinced.
/M
--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org Jabber: magnus@therning.org
http://therning.org/magnus identi.ca|twitter: magthe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20100315/0c47175a/attachment.bin>
More information about the arch-general
mailing list