On Tue, 18 Oct 2016, Alexis Rosen wrote:
I think this is a grave error. Not so much in terms of security (though it's not great), but in community-building. It's in Quagga's best interests to expand participation as much as possible. If that means seeking out forks/distros and opening communications with them, then that's worth doing, especially so with security patches.
I'm not sure how inviting people to subscribe to a project security list is mutually exclusive with communicating with other projects. And... the other projects _were_ notified.
Also, how do you propose a project identifies those who may be interested in security information, without inviting those who may be interested to get in touch?
Start with those, you might get more code flowing up/downstream in general.
You may wish to check commit stats. regards, -- Paul Jakma | p...@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A Fortune: Any sufficiently advanced technology is indistinguishable from a rigged demo. - Andy Finkel, computer guy _______________________________________________ Quagga-users mailing list Quagga-users@lists.quagga.net https://lists.quagga.net/mailman/listinfo/quagga-users
