On 01/10/2017 09:53 PM, Paul Eggleton wrote: > On Tue, 10 Jan 2017 10:37:48 Bent Bisballe Nyeng wrote: >> I found the list initially through this page: >> https://wiki.yoctoproject.org/wiki/Security where it is described as the >> security [at] yoctoprojct [dot] org being the discussion list and the yocto >> [dash] security [at] yoctoproject[dot] org being the security announcement >> list. > That's not what it says. What it does say is that yocto-security@ list is for > discussions about security patches, and security@ is for private notification > about security issues *to* several nominated individuals. There isn't an > announcement list I'm afraid. > >> If the yocto [dash] security [at] yoctoproject[dot] org is in fact no longer >> active I think it is important that the wiki page is changed to reflect >> that to prevent potential dangerous misunderstandings in the future. > I'm not sure how you came to the conclusions you did - do you have any > suggestions on rewording? > > I will say that the yocto-security@ list has been pretty quiet since it was > set up. Adding a few people on CC - are there any plans to make better use of > this list? > > Cheers, > Paul I can see now that I half read, half assumed what the page said...
The ideal solution in my opinion would be to actually turn the yocto-security list into a security announcement list as this would make it the perfect resource for monitoring security issues for shipped products instead of having to make some kind of grep filter on the git logs. Would this be an option? I think it would be of great benefit to the yocto community if such a list existed. Kind regards Bent Bisballe Nyeng -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
