Lubomir Kundrak wrote:
Well, that sounds fair, but be warned, that the audit files are
specially for our
track and doesn't have to be 100% reliable. Watching the package
announce list
for [SECURITY] things can be always relied on, though it will have
some latency
compared to this, as packagers need time to roll updates. Anyways,
knowing about
the vulnerability and not having the updated package avaliable is not
always usable.
I'll be subscribing to the package announce list, and maybe using the
commit log less.
So you are for separating the lists. Is the only issue the name of
the
list? In
that case, the CVS logs traditionally go to -commits mailing lists. I
assume it
won't be much of an issue for you to subscribe to that one and
unsubscribe this
one eventually, if you're not interested in discussions, just in
raw
audit data.
Not really hard to resubscribe -- I just viewed the discussion as my
opportunity
to find out what is the best way to keep up to date on Fedora security
issues.