Jeffrey, To answer your questions:
1) I hope to have a separate tracking system to document actions taken by the ALST to prevent overlap if others want to join/volunteer. That way, a package can be numbered appropriately before it heads to the general public. If this takes off, and we can get a few people involved, I would envision a system similar to SANS Internet Storm Center, with different people on duty depending on the day. This would also prevent overlap.... Unless we can get a separate area in Flyspray, I'll probably end up creating a system on my own servers for this purpose until the project takes off. Originally, I thought that ALST members could produce 'Interm' packages to address an threat. However, a good point was brought up that by creating such packages, there might be overlap between the ALST 'interm' package and the official package provided by a Dev or TU. As a result, I believe that the ALST should not be responsible for providing a package update.... we can suggest and provide PKGBUILDS to the Devs and TU's to try and make their life easier, but ultimately it should be up to a Dev how a package update should be handled. The thought on the last paragraph is that while TU's and Devs might not have otherwise upgraded a package until a new version is released, it might be necessary to apply patches or whatnot to release an incremented version (i.e. pkg-1.2.4-1 to pkg 1.2.4-2) to address a bug or flaw in programming. If that section needs to be more specific, please let me know. Thanks for your input! -James .:: On 04/27/2006 01:09 PM - Jeffrey Lim wrote ::. > this is a good thing. I think Arch needs something like this. > > Generally the doc is fine, but a few questions: > > - who decides the "warning #"?? taking the last warning # and adding 1 > to it doesnt work if 2 (or more) members decide to release advisories > at the same time. > > - "Purpose" section, last paragraph - "ALST Members will not be > responsible for creating interim packages to prevent duplicate > PKGBUILDS or packages." - why should there be duplicates? > > - last paragraph at end of page - "TUs might need to build some > interim packages, however, ..." - are u saying that TUs will build as > a stop-gap measure while we wait for the official update from the > devs? > > > -jf > > _______________________________________________ > arch mailing list > [email protected] > http://www.archlinux.org/mailman/listinfo/arch -- ------------------------- James Fryman E-Mail : [EMAIL PROTECTED] Cell : 757.812.3126 GnuPG : 0xDAE2C750 _______________________________________________ arch mailing list [email protected] http://www.archlinux.org/mailman/listinfo/arch
