Apr 2, 2022, 21:28 by arch-general@xxxxxxxxxxxxxxxxxxx: > I noticed the same thing and had the same question > > On 4/2/22 17:14, Morten Linderud via arch-general wrote: > >> On Sat, Apr 02, 2022 at 08:16:33PM +0200, kiasoc5--- via arch-general wrote: >> >>> The arch-security mailing list has not sent anything since December 2021. How >>> come? Have there been 0 security fixes in packages? Is the security team busy? >>> Something else? Just curious, thanks. >>> >> >> Yo, >> >> There has been several CVEs registered in the tracker but no advisory work has >> been done since December. This is mostly because of security team burnout and >> the tedious work that CVE tracking entails. >> Sorry to hear. Thanks for at least keeping the tracker updated. I'm guessing that's why arch-audit has not informed me of any security updates recently. >> Getting some form of automatic CVE ignestion to the point where we don't need to >> deal with the manuel work it currently is would be great, but that requires a >> fair bit of work sadly :/ >>
