On Sat, 2007-11-03 at 12:23 +0100, Marc Schiffbauer wrote:
> * Aniruddha wrote on 03.11.07 at 08:44:
>
> Hi Aniruddha,
>
> > I am planning to support openSUSE 10.3 for both companies and home users.
> > I have found the Packman repository irreplaceable to get openSUSE
> > working in all its glory. Thank you for that.
>
> Good to hear that, thank you ;-)
>
> >
> > Now on with the more serious questions. My basic question is: I do trust
> > you guys, but how good are your security policies?
>
> The systems where packages are originally hosted and where most of
> the packages are being built have sort of security policies in a way
> that they are actively monitored and that there are strict security
> policies from an administrative point of view like login stuff,
> security patches etc.
>
> > Is the original
> > source checked for signs of malware?
>
> No. Every packager does its best to build high quality packages. But
> we have to trust the original source of each software.
>
> >
> > What is your policy for security
> > fixes?
>
> New versions of packages will be built when they are released
> upstream and the package is actively being maintained at packman.
> But there are cases for sure where the packager has no time at the
> moment or something like that as all are doing the packman stuff in
> their free time.
>
> > Who monitors them? What is the maximum response time if a
> > vulnerability is discovered?
>
> There is none.
>
> You may not use our packages if you need a strict response time for
> security updates etc.
>
> That being said I think we have a good average "response time" for
> package updates. But we would not guarantee anything.
>
> -Marc

Thank you for your answers and picking up the positive message I started my e-mail with :)

--
Regards,
Aniruddha

_______________________________________________
Packman mailing list
[email protected]
http://212.112.227.138/cgi-bin/mailman/listinfo/packman
