On Fri, Jan 14, 2005 at 10:55:42AM -0500, Brandon Hale wrote: > > It would seem ideal to me to cut out this human factor as much as > possible and get the word to every maintainer sooner, allowing him to > solve it sooner. This might not always be effective, take a case where a > vulnerability is disclosed but no patch is available, but could cut at > least hours if not days from our response time. The first small step > I've thought of to speed up notification is to create an alias for > kernel-security@ which includes members of the kernel team proper and at > least one maintainer for each external -sources. This will create a > single point of contact for kernel issues, and for the kernel team > proper, separate high priority security bugs from their usual flood of > email to kernel@, possibly allowing them to catch it faster as a > pleasant side effect. Ideally Bugzilla could CC this alias on the > creation of Gentoo Security bugs in the Kernel component.
kernel@ isn't that busy right now (as an email address, not as a bugzilla address), having been on the alias for a while now. I really don't see how having yet-another-email-alias will help increase the visibility or speed in our kernel updates. One maintainer of each external -sources should already be on that alias, it's not that big. thanks, greg k-h -- [email protected] mailing list
