On 11/18/2017 04:29 PM, Noah Meyerhans wrote:
> Hi John. Thanks for sending this summary and working on the re-merge. I
> have a couple of questions based on your summary. I haven't tracked the
> remerge effort in detail, so please forgive me if these have already
> been covered.
> 
> On Tue, Nov 07, 2017 at 09:38:12AM +0100, John Crispin wrote:
>> * Mailing-lists
>>   There shall be 3 lists. All other lists that existed before/after the
>>   reboot shall be shutdown.
>>   - #openwrt - all contributions, patches, ideas, ...
>>   - #openwrt-announce - new releases, security, ...
>>   - #openwrt-org - admin foo
> 
> Will there be a mechanism to notify users of security updates that they
> may need to apply? Some channel (e.g. a security-announce mailing list)
> for sending security advisories seems desirable.

#openwrt-announce would be used to announce new releases and security
updates.

> 
>> * get onto the distro security ML
>>   - http://oss-security.openwall.org/wiki/mailing-lists/distros
> 
> Will OpenWRT's security support extend to the packages repository? If 
> so, how will updates and disclosures be coordinated with package 
> maintainers who may need to be involved in preparing an update?

I think we haven't planned that in that detail. We just would like to
get informed earlier about security problems like the KRACK attack.
Probably 2 or 3 people will be on this mailing list and inform the
person maintain the component that he should prepare a security update,
but as far as I know there is not detailed plan.

Hauke

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Reply via email to