On Wed, 8 Aug 2018, Daniel J. Luke wrote:
[ Need for a security officer ]
Volunteer project ... I don't think anyone has volunteered to wear that
hat.
Then may I suggest that you make it a high priority to find someone?
Don't look at me, because I only joined this list recently with the
delusion of becoming a MacPorts developer some time, and I don't believe
that I have the experience for that job.
In the meantime, I know Perry from another mailing list (he might remember
my occasional postings) and believe me, if he recommends that a security
officer is needed then someone ought to pay attention to him.
(a long time ago, I was on a bunch of security-announce mailing lists
and made sure to follow-up on any ports that looked like they needed
patching, but I don't have free time to do that no - and the number of
ports we have is /much/ larger).
I've been on a number of security lists for many years, and although I
have the time (being retired) I simply don't have the expertise (I have
enough trouble coping with MacPorts at a user level from time to time), so
I should not be allowed anywhere near the system if you get my drift...
Sorry, but I can't help but compare MacPorts with FreeBSD-ports (I use
both regularly, and every week I do a "sudo apt-get update" on the Penguin
box (I use it to see what they've broken this time on software that I
develop for the Mac and FreeBSD); they achieve the same end but via
completely different means, and I see no reason why they should not learn
from each other (somehow).
-- Dave
