On 11/18/2017 04:29 PM, Noah Meyerhans wrote:
> Hi John. Thanks for sending this summary and working on the re-merge. I
> have a couple of questions based on your summary. I haven't tracked the
> remerge effort in detail, so please forgive me if these have already
> been covered.
>
> On Tue, Nov 07, 2017 at 09:38:12AM +0100, John Crispin wrote:
>> * Mailing-lists
>> There shall be 3 lists. All other lists that existed before/after the
>> reboot shall be shutdown.
>> - #openwrt - all contributions, patches, ideas, ...
>> - #openwrt-announce - new releases, security, ...
>> - #openwrt-org - admin foo
>
> Will there be a mechanism to notify users of security updates that they
> may need to apply? Some channel (e.g. a security-announce mailing list)
> for sending security advisories seems desirable.
#openwrt-announce would be used to announce new releases and security
updates.
>
>> * get onto the distro security ML
>> - http://oss-security.openwall.org/wiki/mailing-lists/distros
>
> Will OpenWRT's security support extend to the packages repository? If
> so, how will updates and disclosures be coordinated with package
> maintainers who may need to be involved in preparing an update?
I think we haven't planned that in that detail. We just would like to
get informed earlier about security problems like the KRACK attack.
Probably 2 or 3 people will be on this mailing list and inform the
person maintain the component that he should prepare a security update,
but as far as I know there is not detailed plan.
Hauke
signature.asc
Description: OpenPGP digital signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
