On Tue, 6 Nov 2007 13:34:40 +0100 Dirk Kredler <[EMAIL PROTECTED]> wrote:
> Hello! > Hello. > > But what about security updates? This time I'm directly called, because I try to start an unofficial Archlinux Security Advices Project, just to see what we need to improve an what is ok in our system. I've see that, if devs upgrade packages flagged out-of-date fast, there is no reason to make an archlinux security task force. You can reply: "And what about searching, and not only fixing security bugs?" There are already security task forces, which work very hard and in beautiful way. Example? Gentoo or Debian's security projects. Why we need to throw our time in things that other do beautiful? Remember that: if security bug is discovered, the vendors release these products, an hypotetic user flags out-of-date the packages, the devs or TUs recompile it and we have closed the security issue. When is released only a patch.. oh, we can use the message that we must compile when we flag the packages out-of-date. So, now the problem is the 'proven quality' of our packages. IMHO all your problems are caused by programs itself, not on the way which we used to compile them; but, I know, sometimes things was wrong ( recently we have talked about the upgrading of libpcap, that has broken much things ). These errors can occour; but, for 2-3 times in a year, we can't spoke about packages ' with quality ' and packages 'whitout quality'. Other time, are the final users which do errors :) ( Only God knows how many times I broke my system... ) I hope that I'm being clear in my speech, feel free to ask me anything. > Thank you all very much > Dirk No, thank you for pointing out these important things. Have a nice day -- JJDaNiMoTh - ArchLinux Trusted User
pgpHS1WBVVlCw.pgp
Description: PGP signature
_______________________________________________ arch mailing list [email protected] http://archlinux.org/mailman/listinfo/arch
