On Aug 18 09:09, Christopher Faylor wrote: > On Sun, Aug 17, 2008 at 09:42:02PM -0500, Yaakov (Cygwin Ports) wrote: > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA256 > > > >Christopher Faylor wrote: > >> I hate to suggest another mailing list but I wonder if we should have > >> another unarchived, closed list for discussing security issues. The > >> recent setup.exe problem got me thinking that we might need something > >> like this. > >> > >> I'm not suggesting that this email was inappropriate since these are all > >> known issues but maybe another mailing list might help focus on > >> important security issues. > >> > >> Or should we just use this list and not worry about it? > > > >The major problem that we have with security is that we don't have a > >person/team which has advance notice of security issues like the Linux > >distros have, and I have no idea how to go about changing that. Right > >now I have to wait for the issues to be public in order to know about them. > > Either Corinna or I can ask the Red Hat person responsible for these > matters how we can "sign up" for this wonderful duty.
Personally I'm kind of not interested to go this road. If I learn about a problem in an upstream package, I update. If anybody else want's to take over responsibility for security problems, I certainly don't stand in the way, of course. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat