2007/2/9, Thomas Bächler <[EMAIL PROTECTED]>: > JJDaNiMoTh schrieb: > > I'm not a security team member ( I'm not sure that exist this > > 'security team' :D ) but I try :D > > Someone once tried to get a security team together, but it never went > anywhere. But keep those cool advisories up, they're awesome. By the > power given to me by myself, I declare you the first arch security advisor.
Congratulations with the start of the project! I have a question: should we rely on CVE reports only, or any report of major security site can be used as a base for Arch Linux Security Advisory? For exaple take a look at http://bugs.archlinux.org/task/5892 https://bugzilla.mozilla.org/show_bug.cgi?id=360493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077 CVE lists this issue as Candidate (under review), but there are a lot of links to reports inside. And this issue is widely known now. Though fixed only in development builds of Firefox. -- Roman Kyrylych (Роман Кирилич) _______________________________________________ arch mailing list [email protected] http://www.archlinux.org/mailman/listinfo/arch
