On 11/18/2017 04:29 PM, Noah Meyerhans wrote: > Hi John. Thanks for sending this summary and working on the re-merge. I > have a couple of questions based on your summary. I haven't tracked the > remerge effort in detail, so please forgive me if these have already > been covered. > > On Tue, Nov 07, 2017 at 09:38:12AM +0100, John Crispin wrote: >> * Mailing-lists >> There shall be 3 lists. All other lists that existed before/after the >> reboot shall be shutdown. >> - #openwrt - all contributions, patches, ideas, ... >> - #openwrt-announce - new releases, security, ... >> - #openwrt-org - admin foo > > Will there be a mechanism to notify users of security updates that they > may need to apply? Some channel (e.g. a security-announce mailing list) > for sending security advisories seems desirable.
#openwrt-announce would be used to announce new releases and security updates. > >> * get onto the distro security ML >> - http://oss-security.openwall.org/wiki/mailing-lists/distros > > Will OpenWRT's security support extend to the packages repository? If > so, how will updates and disclosures be coordinated with package > maintainers who may need to be involved in preparing an update? I think we haven't planned that in that detail. We just would like to get informed earlier about security problems like the KRACK attack. Probably 2 or 3 people will be on this mailing list and inform the person maintain the component that he should prepare a security update, but as far as I know there is not detailed plan. Hauke
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
