This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: HEADSUP: Security updates outstanding


On Aug 18 09:09, Christopher Faylor wrote:
> On Sun, Aug 17, 2008 at 09:42:02PM -0500, Yaakov (Cygwin Ports) wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA256
> >
> >Christopher Faylor wrote:
> >> I hate to suggest another mailing list but I wonder if we should have
> >> another unarchived, closed list for discussing security issues.  The
> >> recent setup.exe problem got me thinking that we might need something
> >> like this.
> >> 
> >> I'm not suggesting that this email was inappropriate since these are all
> >> known issues but maybe another mailing list might help focus on
> >> important security issues.
> >> 
> >> Or should we just use this list and not worry about it?
> >
> >The major problem that we have with security is that we don't have a
> >person/team which has advance notice of security issues like the Linux
> >distros have, and I have no idea how to go about changing that.  Right
> >now I have to wait for the issues to be public in order to know about them.
> 
> Either Corinna or I can ask the Red Hat person responsible for these
> matters how we can "sign up" for this wonderful duty.

Personally I'm kind of not interested to go this road.  If I learn about
a problem in an upstream package, I update.  If anybody else want's to
take over responsibility for security problems, I certainly don't stand
in the way, of course.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]