On Tue, 16 Mar 2010 07:29:45 +1000 Allan McRae <allan@xxxxxxxxxxxxx> wrote: > > As an aside, I would like to see some numbers on where we could > improve in this area. I have been following the CVE announcements > and several other distros security releases for the past few months > and from what I see, I believe Arch is mostly ahead of the game. > Following the latest upstream releases has its advantages. > > Allan > This may be true in the sense that by using the latest packages we are incorporating security fixes as they are released by default. I take issue with the fact that there's no dedicated team and nothing in place to deal with security alerts. The other issue being the lack of signed packages. I don't know how much of a problem this is for other Arch users. Would there be any enthusiasm for a dedicated security team? I feel strongly enough about it that if something can't be done then I'm switching to another distro. Despite the fact that I really like Arch, it's one deficiency is a pretty glaring one in my opinion. I hope this doesn't turn into a flamefest and my opinions are by no means meant to be a slight on the Arch devs or community. Ananda
