HEADSUP: Security updates outstanding
Mon Aug 18 13:26:00 GMT 2008
On Aug 18 09:09, Christopher Faylor wrote:
> On Sun, Aug 17, 2008 at 09:42:02PM -0500, Yaakov (Cygwin Ports) wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA256
> >Christopher Faylor wrote:
> >> I hate to suggest another mailing list but I wonder if we should have
> >> another unarchived, closed list for discussing security issues. The
> >> recent setup.exe problem got me thinking that we might need something
> >> like this.
> >> I'm not suggesting that this email was inappropriate since these are all
> >> known issues but maybe another mailing list might help focus on
> >> important security issues.
> >> Or should we just use this list and not worry about it?
> >The major problem that we have with security is that we don't have a
> >person/team which has advance notice of security issues like the Linux
> >distros have, and I have no idea how to go about changing that. Right
> >now I have to wait for the issues to be public in order to know about them.
> Either Corinna or I can ask the Red Hat person responsible for these
> matters how we can "sign up" for this wonderful duty.
Personally I'm kind of not interested to go this road. If I learn about
a problem in an upstream package, I update. If anybody else want's to
take over responsibility for security problems, I certainly don't stand
in the way, of course.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
More information about the Cygwin-apps