> On Fri, 2006-01-13 at 15:15 -0600, Josh Boyer wrote: >> >> Now the real question is, should there be some sort of defined policy >> for >> security fixes? >> > > I'd be game with making a extras-security alert address that had the > package signers and some other security folks on it so we could expedite > things if need be. > > but a private list, for obvious reasons. I'll second this. Seems like a good idea to me. Should we talk about embargos though? josh
