[...] > At some stage we also need to look at providing vulnerability data in a > suitable format that supports automated validation (e.g. OVAL?), and a > site > able to browse advisories.
If this means less work, and is relatively easy to do by package maintainers, then, this looks like quite a good idea. >> Just some random crazy idea ... >> >> IMHO we should focus on security and bugfixes for the stable release, >> and there are currently too many security bugs open, some for a >> really long time, where nothing is happening for months, yet we still >> talk and concern about opening backports. > > FYI: the reason I have been slow on updates for Mageia is that I still > have > systems running Mandriva, precisely because the bacports situation has not > been finalised, and I don't want to submit all missing packages in Mageia > 1 to > updates. Once backports is open, I can drop some Mandriva packages, and > spend > more time contributing to Mageia. > > So, you can't necessarily say that backports steals time from updates ... interesting point of view...
