Separate list for commits
Dan Davis
dan.davis at indexengines.com
Wed Sep 19 14:36:51 UTC 2007
Lubomir Kundrak wrote:
> Well, that sounds fair, but be warned, that the audit files are
specially for our
> track and doesn't have to be 100% reliable. Watching the package
announce list
> for [SECURITY] things can be always relied on, though it will have
some latency
> compared to this, as packagers need time to roll updates. Anyways,
knowing about
> the vulnerability and not having the updated package avaliable is not
always usable.
I'll be subscribing to the package announce list, and maybe using the
commit log less.
> So you are for separating the lists. Is the only issue the name of the
list? In
> that case, the CVS logs traditionally go to -commits mailing lists. I
assume it
> won't be much of an issue for you to subscribe to that one and
unsubscribe this
> one eventually, if you're not interested in discussions, just in raw
audit data.
Not really hard to resubscribe -- I just viewed the discussion as my
opportunity
to find out what is the best way to keep up to date on Fedora security
issues.
More information about the Fedora-security-list
mailing list