To try to reduce the likelihood of regressions in future security
releases I plan on creating an rsync security private mailing list.
I've asked the samba.org list admins to create it.
The idea is that people on this list would get early access to pending
security releases. There is risk in this of course, as we could end up
with a bad actor on the list, or just someone who doesn't believe in
security embargoes who decides to release without permission. Balanced
against that risk is the lower chance of a a regression assuming we
get a good set of testers and they are willing to put time in to test.
If you think you would be a good candidate to be on this list then get
in touch via [email protected]. Then we'll need to work out how
to vet you. I will likely want to do a video call and if possible get
someone I know and trust to vouch for you. You would also have to
commit to actually doing testing and reporting results.
I'd also be open to finding someone else to be the maintainer of this
new security list and being the one doing the vetting, so candidates
for that role also welcome, obviously I'd need to vet that sort of
person as well in some way.
Cheers, Tridge

-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Reply via email to