On 15/03/10 22:03, Ananda Samaddar wrote: > On Mon, 15 Mar 2010 14:56:32 -0700 > Thayer Williams <thayerw@xxxxxxxxx> wrote: >> >> No offence taken and FWIW a lot of people switch distros because of >> one or two fundamental needs that aren't meant. This wouldn't be any >> different. >> >> Look forward to hearing what you have to say... > > I'd like to help get things moving before I give up on Arch. It's too > good a distro not to. > > I've been having a look at the Gentoo security policy here: > > http://www.gentoo.org/security/en/vulnerability-policy.xml > > It looks like a pretty good template we could adapt to our needs. The > document in that link is licensed under a Creative Commons attribution > licence. It mirrors a lot of the things I was going to suggest too. After a quick look at it I don't see much that would apply though. Arch doesn't have releases. Arch follows upstream releases very closes (in some cases even too closely ;-) So, if there is no need for backporting to a set of packages that has been blessed into a supported release, what is left to do for a dedicated security team? /M -- Magnus Therning (OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe
Attachment:
signature.asc
Description: OpenPGP digital signature
