[arch-security] Arch Linux Security Advisories
Marian Sigler
m at qjym.de
Fri Sep 26 23:57:15 UTC 2014
Hi *,
I like that idea! I think security updates etc could need some more
attention.
I don't know anything about arch and pacman internals (I'm rather new to
arch if that counts as a justification ;) ), so I don't know if that's
doable or already discussed, etc, but:
What I, as a user, would like to see as a final result of this
connecting cve with updates thing is that new versions of packages can
be marked as closing a security vulnerability.
That allows for various cool things, such as
- periodically running some command that updates the package lists and,
if there is an update involving a security fix, notify the user
- if you like, automatically update such packages if only the bugfix
version number changes (and the package is not on a blacklist and ...
whatever rule you define)
In the moment, I update very often, because I think "maybe there's a
security fix somewhere, better take care", and I never know if I should
reboot (or at least restart some things). Once that has been implemented
reliably, I could be a little more relaxed in this (e.g. not upgrade at
all when I don't have much time for a week or two, unless there's such a
notification)
As I said, just a suggestion from an unknowing user point of view ;)
regards,
Marian
More information about the arch-security
mailing list