Hmm, maybe the situation is not that bad after all...
Consider the recent OI releases, each containing hundreds of updated packages 
with respect to the previous one. I didn't track this in detail, but it seems 
very likely that many of these updates also addressed security issues. That 
would mean that a large number of security fixes actually *have* been provided, 
although they have not been announced as such.

Wouldn't it be possible to push such packages to the "updates" channel as soon 
as they are finished (as long as dependencies permit), or at least after some 
limited amount of testing? If concerned about package quality, one could maybe 
provide two such channels - one for fresh packages which can be installed by 
early adopters, and a second one to which packages get forwarded if no 
significant flaws are reported within, say, a two-week period. This could give 
end users more timely access to (security) updates without generating extra 
workload for the core developers. But maybe in practice it's not that simple...

The second thing which an OI user would probably find useful is a resource 
providing a list of *significant* security issues which have not been fixed 
yet. This is important for getting an idea of how safe (or unsafe) it actually is 
to use this system. And it could help the core developers to focus on the most 
important issues in the precious time they are dedicating to OI.
The "security advisories" page on openindiana.org is currently empty; is this a 
good sign or a bad one ;-) ?

Oliver

------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Dueren District Court, No. HR B 3498
Chairman of the Supervisory Board: MinDir Dr. Karl Eugen Huthmacher
Management Board: Prof. Dr. Achim Bachem (Chairman),
Karsten Beneke (Deputy Chairman), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
