[arch-security] Subscription to OSS-security linux-distros

Daniel Micay danielmicay at gmail.com
Thu Jun 12 05:23:24 EDT 2014


On 05/06/14 11:23 PM, Mark Lee wrote:
> To All,
> 
> There is an Arch security team, but they don't necessarily have
> developer access. The strategy is to current report to the arch-security
> mailing list and file a bug report. I'd just like to know if security
> issues that are reported are already fixed (since there is a delay for
> non-distro subscribing lists). Could developers file any security
> changes they make in the arch-security mailing list as well then?
> 
> Regards,
> Mark

The delay can't be used to fix the packages early. It's only for
preparing an upgrade to push when the embargo expires, and in most cases
the packager is going to fix it by upgrading rather than doing a backport.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-security/attachments/20140612/8038d75c/attachment.asc>


More information about the arch-security mailing list