handling security issues
It would be nice to have an errata mailing list to inform users about
fixed security issues affecting binary packages or the core system.
Mails could include the CVE and other identifiers.
There could be place an unique id tag for these issues something like
ALPLSA-year:autoincrement (ALPine Linux Security Advisory).
I think one or more security officer(s) should be chosen.
There could be a security@ address where users could send security
related problems (it should have a public pgp key for sending sensitive
information encrypted).
Security officer(s) should be subscribed to distros and linux-distros
closed mailing lists.
(from redmine: issue id 1846, created on 2013-05-03)
- Relations:
- child #1858 (closed)