Le 24/10/2010 02:50, Miklos Vajna a écrit :
The trick is not to bump version but just backport a given security fix as a patch[...]
Yes, of course. But when an editor release a minor version to fix a flaw, we can bump this minor version, can't we ? (we're right that a new branch is a major release and should not be updated in FW stable - as it's frozen.
Actually in case someone focuses just on this (and not doing anything major in -current) then a single developer should be enough for a start. I can help with opening security bugs if that's the only problem - we have been invited to some closed security mailing lists as well; where at the end I has been subscribed.[...] I think right now the main problem is that open "[SEC] pkgname" bugs are not fixed fast enough - so no, the way to pick up security bugs is not about monitoring updates in -current but to monitor the oss-security@ and frugalware-security-private@ (the later is private, of course) mailing lists - there are enough info there already at the moment. :) [...] But you are totally right, to do it properly, we at least need one developer who is intereste backporting security fixes to -stable and writing FSA's for those backports. If you are willing to help in that area (or you know something who would be interested), then I'm willing to help in the first steps, though it's mostly documented here
I'm not sure to be your man but why not. I think security is a really important point to see some FW on professional servers (and I would like to use it in this case in several months).
I guess working both on security and reliability updates is too many work on one's own but maybe it's possible to do most of the work on the security side.
Indeed, I'm not sure to have the right skills to do the job; I've just migrated to FrugalWare two months ago and send very few packages on this list. Also, I can spend at most five hours a week in this task (maybe a ittle more on the beginning). Do you think it's really below what's needed ?
If no, I can offer to start working on this area next week and send patches on the BTS or the ML. Then, I'll see if I can spend the necessary time and you and other FW developers can help me to make good patchs. What do you think about ?
Have a nice day. _______________________________________________ Frugalware-devel mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-devel
