Lubomir Kundrak wrote: > Well, that sounds fair, but be warned, that the audit files are specially for our > track and doesn't have to be 100% reliable. Watching the package announce list > for [SECURITY] things can be always relied on, though it will have some latency > compared to this, as packagers need time to roll updates. Anyways, knowing about > the vulnerability and not having the updated package avaliable is not always usable. I'll be subscribing to the package announce list, and maybe using the commit log less. > So you are for separating the lists. Is the only issue the name of the list? In > that case, the CVS logs traditionally go to -commits mailing lists. I assume it > won't be much of an issue for you to subscribe to that one and unsubscribe this > one eventually, if you're not interested in discussions, just in raw audit data. Not really hard to resubscribe -- I just viewed the discussion as my opportunity to find out what is the best way to keep up to date on Fedora security issues. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
