I suppose my problem with all the Arch security/insecurity talk is that it assumes that Arch users are not more than capable of reading lists and discovering bugs and holes in software that we use daily. I don't think there has ever been an issue with an Arch package that wasn't fixed as soon as upstream made a fix available. We can't expect our small community to fix upstream bugs and issues. Moreover, the effort should be spent on addressing distribution-specific shortcomings.

Just my two cents.

On Feb 1, 2010 5:56 PM, "Pierre Chapuis" <catwell@xxxxxxxxxxxx> wrote:

On Mon, 1 Feb 2010 22:21:03 +0100, Heiko Baums <lists@xxxxxxxxxxxxxxx> wrote:

> If a security bug is found it should be filed to and fixed by upstream
> anyway.

This is true, except sometimes upstream patching can take a while and it would be a good idea to warn users about the problem in the meantime so that they can take temporary measures.

If there's a single thing that I miss about Arch security, it's Arch Sheriff: it basically did that. Maybe people who want to do something about security could begin with resurrecting it.

--
catwell