Hi Richard,
Richard Amerman wrote: > I'm sure that this topic is not new but it is probably one that should > be brought up regularly incase there are new options as to how to > address the issue. > > My company, and other companies I work with (and I'm very sure we are > not alone in this) would find it extremely valuable if there was a > system/process where all the core LRP's were monitored for security > bulletins. When one of these bulletins were to be released it would > trigger a process of updating the LRP ASAP and letting everyone on, what > may be a new list, that the update was available, a LEAF errata per say. > > I think that people, including us, would contribute $ to see this put > together, while not making it any kind of premium service, but available > to everyone. It could just be a voluntary donation thing, or/also > involve one or more bounties. It would also be valuable if this task was > taken on by something other than just an individual or group of > individuals, but a business that has a large stake in things, or some > organization with some structure. The idea on this is credibility and > stability, not only in reality but from a perception standpoint. > > (Translate, I have to show my boss something that he can put some faith in.) I surely see your point (at my day job, I work with many people where an SLA, or at least having a company to hold responsible is the main issue). The company I work for (http://www.guh-software.de - no advertising intended, just so you know which company I'm talking about) is thinking about offering a subscription based model for receiving timely security updates for leaf Bering uClibc. The reason for that is that we're also looking into the possibility of marketing hardware with Bering uClibc installed, and for such a product, some sort of update service would be mandatory anyway. It has not been decided yet if that will actually happen (I guess it also depends on how much interest there is in such a service). If you (or anybody else) are interested in such a service, please contact me off-list for details on what exactly we're thinking about, as well as the costs involved (it will not cost a huge amount, but it will _definately_ not be offered for free. We will provide the sources of the updated packages via the leaf Bering uClibc CVS area though - partly because we want to help the leaf project and also because we believe in honouring licences). Martin ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf ------------------------------------------------------------------------ leaf-user mailing list: [email protected] https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
