On Sat, 2007-11-03 at 13:38 +0100, Detlef Reichelt wrote:
> Am Samstag, 3. November 2007 12:41:02 schrieb Aniruddha:
> > Gentoo for example is 100% free, it's entirely maintained by volunteers,
> > and has the highest security standards in the industry:
>
> feel free to be the security-manager, policy-manager, coordinator and
> whatever in the packman-team.
>
Actually this is even easier than it sounds (and I am not a programmer). It only requires documenting some simple rules for package handling (e.g. that packagers should check for malware, and the monitoring of some standard security bulletins). Of course you can't expect the packagers to always act immediately on security flaws. In my opinion it would be enough to:

- 1st get the message out
- 2nd try to fix the problem asap (mostly by upgrading the package)

Another important thing to do is to set up a 'testing' and a 'stable' tree. Packages only get moved to 'stable' after a period of testing in which it is confirmed that packages don't cause any problems.

-- 
Regards,

Aniruddha

_______________________________________________
Packman mailing list
[email protected]
http://212.112.227.138/cgi-bin/mailman/listinfo/packman
