On 2010-03-23, Moffett, Kyle D <kyle.d.moff...@boeing.com> wrote:
[ Only commenting on two issues, the sbuild maintainers, powerpc and Debian
embedded people are more versed in commenting them. ]
> * Regarding software security updates, I am aware that most vendors of OS
> distributions participate in coordinated-disclosure and embargo agreements
> in order to receive advance notice of certain vulnerabilities. My employer
> is currently considering what we would need to do in order to get access to
> those notifications; on the other hand we would much rather participate
> directly in the Debian security release process. Would it be possible for
> us as a third-party corporation to be a part of that process?
The easiest approach for all parties involved would be if e500 becomes an
official port. In that case you don't need to do anything on the security
side, all security updates are autobuilt and if there's an embargoed
security issue targeted for a specific release date it's automatically
available for e500 on the release day. But even if e500 starts unofficially
we can discuss/evaluate the possibilities to hook a e500 autobuild system
into the security buildd network.
> * Even if an e500 port does not go upstream, would it be possible to get
> the appropriate entries added to the upstream dpkg cpu and triplet tables?
> We're using a simple 10-line patch to dpkg locally, hopefully that would be
> acceptable?
That has been done in the past for unofficial architectures like "lpia" already.
Simply file a bug against dpkg using reportbug and send the patch along.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/slrnhqhv8n.2fl....@inutil.org
