[Pkg-mediawiki-devel] Early (embargoed) disclosure of upcoming security releases
Jonathan Wiltshire
jmw at debian.org
Sat Mar 2 16:27:34 UTC 2013
Hi,
I wonder if we could co-ordinate early disclosure of forthcoming security
fixes, such as that due on 4th March, to nominated contacts at the
various distributions. I speak only with a Debian hat, of course.
The problem I have currently is that I don't know what the content or
severity of these releases is in advance of the day, and so can't prepare
and test packages satisfactorily ahead of the release. I also can't
guarantee how much spare capacity I have around that time.
If we knew in advance what was coming up, we could prepare packages and
release them immediately after the upstream release. For Debian at least,
we already have the infrastructure to build and test in advance and then
just hit 'go' when the time comes.
This would also give us more time to prepare and test backports to
older versions, such as the 1.15 we currently have in stable and will
have for at least the next 12 months.
I would envisage such advance disclosures being embargoed and encrypted,
naturally.
Thanks,
--
Jonathan Wiltshire jmw at debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
<directhex> i have six years of solaris sysadmin experience, from
8->10. i am well qualified to say it is made from bonghits
layered on top of bonghits
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20130302/7bff50a4/attachment.pgp>
More information about the Pkg-mediawiki-devel
mailing list