Leo Famulari <l...@famulari.name> writes: > On Sat, Oct 08, 2016 at 10:55:45AM +0200, Danny Milosavljevic wrote: >> One of the reasons I'm using distributions rather than just >> ./configure ; make ; make install is that distributors stay on top of >> security problems and disable and/or patch packages as problems arise. >> I think many others also mainly use distributions because of that. > > I'm going off-topic here, but... Please Help :) > > Right now there are only a few of us paying attention to security bug > disclosures and, in my opinion, that's not enough. > > If you are interested in keeping Guix secure, try subscribing to the > oss-sec mailing list. If you use Guix on a foreign distro, you can > subscribe to that distro's security announcement list. If you are the de > facto maintainer of some Guix packages, or if you run your business on > some Guix packages, follow the upstream bug reports. > > And then, patch bugs in our packages. If you aren't sure how to fix the > bugs, it's still helpful to present them on guix-devel and ask for > advice. > > Help Wanted! > > [0] > http://seclists.org/oss-sec/ > > [1] For example: > https://lists.debian.org/debian-security-announce/
Subscribed to the oss-sec list!
signature.asc
Description: PGP signature
