On Wednesday 03 February 2010 12:56:57 Robert Howard wrote: > suppose my problem with all the Arch security/insecurity talk is that it > assumes that Arch users are not more than capable of reading lists and > discovering bug and holes in software that we use daily. I don't think > there has ever been an issue with an Arch package that wasn't fixed as > soon as upstream made a fix available. We can't expect our small community > to fix upstream bugs and issues. Moreover, the effort should be spent on > addressing distribution specific shortcomings. Just my two cents. +1. Thats why I am still subscribed to slackware security announcment, just for cross-check. So far it hasn't mattered :) I think the issue for arch is not patching, that is already as good as it gets but configuration. Hardened kernel + user space, multiple available kernels, such as RBAC,gresec etc. I guess the demand is simply not too great. I filed a request for smack inclusion some time back and it was attempted too but it did not play well with some other things. I guess it will take some time before it is mature enough. -- Regards Shridhar
