On Tue, 22 Jun 2010 13:16:23 +1000 "Allan McRae" <al...@archlinux.org> wrote: > > The point is that the developers around here already patch for > security issues. The only change that I think that a security team > will achieve is to notify me (as a developer) of issues that I have > overlooked on the upstream mailing lists and file a bug report. It > is a bonus if the issue is pre-analyzed for me and all relevant links > supplied so I can assess it quickly myself and release a fixed > package if I deem that being suitable. > > Allan
This is exactly what we plan to do, with the addition of providing interim PKGBUILDs (with a disclaimer that they are unofficial) and announcements when a security related bug is fixed by a package update. Such interim PKGBUILDs would be peer-reviewed by the Security Team and submitted with the relevant bug report to aid the package maintainer. I can't see how this is not useful. It will also lighten the workloads of the devs and package maintainers. Ananda
signature.asc
Description: PGP signature
