On Saturday, 3 November 2007 13:55:51, Aniruddha wrote:
> On Sat, 2007-11-03 at 13:38 +0100, Detlef Reichelt wrote:
> > On Saturday, 3 November 2007 12:41:02, Aniruddha wrote:
> > > Gentoo for example is 100% free, it's entirely maintained by
> > > volunteers, and has the highest security standards in the industry:
> >
> > feel free to be the security-manager, policy-manager, coordinator and
> > whatever in the packman-team.
>
> Actually this is even easier than it sounds (and I am not a
> programmer). It only requires documenting some simple rules for package
> handling (e.g. that packagers should check for malware, and the
> monitoring of some standard security bulletins).
>
> Of course you can't expect the packagers to always act immediately on
> security flaws. In my opinion it would be enough to:
>
> - 1st get the message out
> - 2nd try to fix the problem asap (mostly by upgrading the package)

That's already what each packager tries to do for his set of packages.

> Another important thing to do is to set up a 'testing' and a 'stable'
> tree. Packages only get moved to 'stable' after a period of testing in
> which it is confirmed that packages don't cause any problems.

+1! I suggested this idea a long time ago, but more for CVS and beta builds going into a testing repo.

_______________________________________________
Packman mailing list
[email protected]
http://212.112.227.138/cgi-bin/mailman/listinfo/packman
