To try to reduce the likelihood of regressions in future security releases I plan on creating an rsync security private mailing list. I've asked the samba.org list admins to create it. The idea is that people on this list would get early access to pending security releases. There is risk in this of course, as we could end up with a bad actor on the list, or just someone who doesn't believe in security embargoes who decides to release without permission. Balanced against that risk is the lower chance of a a regression assuming we get a good set of testers and they are willing to put time in to test. If you think you would be a good candidate to be on this list then get in touch via [email protected]. Then we'll need to work out how to vet you. I will likely want to do a video call and if possible get someone I know and trust to vouch for you. You would also have to commit to actually doing testing and reporting results. I'd also be open to finding someone else to be the maintainer of this new security list and being the one doing the vetting, so candidates for that role also welcome, obviously I'd need to vet that sort of person as well in some way. Cheers, Tridge
-- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
