handling security issues
It would be nice to have an errata mailing list to inform users about
fixed security issues affecting binary packages or the core system.
Mails could include the CVE and other identifiers.
There could be place an unique id tag for these issues something like ALPLSA-year:autoincrement (ALPine Linux Security Advisory).
I think one or more security officer(s) should be chosen.
There could be a security@ address where users could send security related problems (it should have a public pgp key for sending sensitive information encrypted).
Security officer(s) should be subscribed to distros and linux-distros closed mailing lists.
(from redmine: issue id 1846, created on 2013-05-03)
- child #1858