A few days ago I showed Sheriff [1]. IMHO it is a good tool to help us
improve Arch's security.

What is missing now is a way to integrate Sheriff with Arch and mark a
vulnerability as fixed.

It would be great if we could add a field in PKGBUILD to indicate that
it fixed a vulnerability. It could be a comment (as the 'Contributor'
tag works) or even a new variable (fix=('vulnx' 'vulny')).

All this, of course, leads to some other things, such as a commitment to
correct flaws or the creation of a security team. I do not know. I am
open to suggestions and would really like to know what you guys think
about it and if you think it is worth it.

[1] http://dev.archlinux.org/~hugo/sheriff/

-- Hugo