On Mon, Mar 15, 2010 at 11:18 PM, Magnus Therning <magnus@xxxxxxxxxxxx> wrote: > After a quick look at it I don't see much that would apply though. Arch > doesn't have releases. Arch follows upstream releases very closes (in some > cases even too closely ;-) > > So, if there is no need for backporting to a set of packages that has been > blessed into a supported release, what is left to do for a dedicated security > team? > 1) what allan said : A group could monitor security issues and file bugs to get the devs to fix them. 2) resume and finish the gpg work for pacman & friends
