Hmm, maybe the situation is not that bad after all... Consider the recent OI releases, each containing hundreds of updated packages with respect to the previous one. I didn't track this in detail, but it seems very likely that many of these updates also addressed security issues. That would mean that a large number of security fixes actually *have* been provided, although they have not been announced as such.
Wouldn't it be possible to push such packages to the "updates" channel as soon as they are finished (as long as dependencies permit), or at least after some limited amount of testing? If concerned about package quality, one could maybe provide two such channels - one for fresh packages which can be installed by early adopters, and a second one to which packages get forwarded if no significant flaws are reported within, say, a two week period. This could give end users more timely access to (security) updates without generating extra workload to the core developers. But maybe in practice it's not that simple... The second thing which an OI user would probably find useful is a resource providing a list of *significant* security issues which have not been fixed yet. This is important for getting an idea how safe (or unsafe) it actually is to use this system. And it could help the core developers to focus on the most important issues in the precious time they are dedicating to OI. The "security advisories" page on openindiana.org is currently empty; is this a good sign or a bad one ;-) ? Oliver ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
