Just thought I would voice my opinions on which repos to watch for security updates...
[current] + [extra] : Both obviously would be watched as they are the core repos. [community] : Security reports was in the gray area as James said because it may be taking on too much too quickly for the proposed ALST. [unstable] : James and I thought this would be fine as it contains a very few number of packages so it would be an easy addition. [testing] : I am curious to know what others think on this one. It is software that can undergo numerous updates quickly and is not yet thought to be stable enough for [current] or [extra]. So should it be included in Security Reports? [release] : Releases are just snapshots of what is in [current]. If there were a program that had a security vulnerability, inside the report the versions that are impacted are outlined. Let's say you install off the 0.7.1 CD and a package on there is older than the package in [current]. The report would say what repo the package is in online, but the version number would allow people who install off the CD to know if they need to update. Hope that clears a few things up about the idea. Jason (canyonknight) _______________________________________________ arch mailing list [email protected] http://www.archlinux.org/mailman/listinfo/arch
