Date: Wed Dec 22 07:36:40 2004 Author: sip Update of /home/crux/cvs/clc/xpdf In directory dream.morpheus.net:/tmp/cvs-serv9853 Modified Files: .md5sum Pkgfile Log Message: [security] xpdf: updated to pl2 (thanks to Han). http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities Revisions: .md5sum 1.2 => 1.3 http://clc.morpheus.net:6999/clc/filediff?f=clc/xpdf/.md5sum&v1=1.2&v2=1.3 Pkgfile 1.2 => 1.3 http://clc.morpheus.net:6999/clc/filediff?f=clc/xpdf/Pkgfile&v1=1.2&v2=1.3
Hi, On Wed, Dec 22, 2004 at 01:36:41 -0600, crux@morpheus.net wrote:
Date: Wed Dec 22 07:36:40 2004 Author: sip
Update of /home/crux/cvs/clc/xpdf In directory dream.morpheus.net:/tmp/cvs-serv9853
Modified Files: .md5sum Pkgfile Log Message: [security] xpdf: updated to pl2 (thanks to Han). http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
As you can see, Matt and I have setup a script which checks the commit messages, and triggers an e-mail notification if a commit message contains "[security]". If wanted, we can create a dedicated mailing list, so people interested in security notifications don't have to read all the clc discussions, and vice versa. Kind regards, Johannes -- Johannes Winkelmann mailto:jw@tks6.net Bern, Switzerland http://jw.tks6.net
On Wed, Dec 22, 2004 at 08:58:58AM +0100, Johannes Winkelmann wrote: Hello, [...]
If wanted, we can create a dedicated mailing list, so people interested in security notifications don't have to read all the clc discussions, and vice versa.
I second the idea _not_ using clc-devel for that purpose. But why another mailinglist the people has to subscribe to, wouldn't be the crux ML the right place for those notifications ? Kind regards Jürgen -- Juergen Daubert | mailto:jue@jue.li Korb, Germany | http://jue.li/crux
Hi, On Wed, Dec 22, 2004 at 09:30:47 +0100, Juergen Daubert wrote:
On Wed, Dec 22, 2004 at 08:58:58AM +0100, Johannes Winkelmann wrote:
Hello,
[...]
If wanted, we can create a dedicated mailing list, so people interested in security notifications don't have to read all the clc discussions, and vice versa.
I second the idea _not_ using clc-devel for that purpose. But why another mailinglist the people has to subscribe to, wouldn't be the crux ML the right place for those notifications ? It depends a bit on our future strategy towards mailing lists; at least for now, crux@ is probably the best place to send it to, since there's no reason to hide them (or to be not interested in them).
The only counter argument (which is hopefully not going to be true for a long time) is that there are no such notifications for base and opt due to the separation of the CVS repositories. Having security message on crux@ somewhat implies (at least for new users) that this covers everything, which currently is not true. Because of that, I thought that for the time being, we could send it to something like 'clc-security-notifications', and move it over to crux@ once we have a common CVS repository. Kind regards, Johannes -- Johannes Winkelmann mailto:jw@tks6.net Bern, Switzerland http://jw.tks6.net
On 22/12/2004 10:03 Johannes Winkelmann wrote:
It depends a bit on our future strategy towards mailing lists; at least for now, crux@ is probably the best place to send it to, since there's no reason to hide them (or to be not interested in them).
Hi all, looking at the problem from another perspective, one could be interested _only_ in security updates, without being forced to subscribe to the CLC ml. (Ok, at the moment there's no much traffic and the problem is a little one.) Regards, Simone -- Simone Rota WEB : http://www.varlock.com Bergamo, Italy MAIL: sip@varlock.com
participants (4)
-
crux@morpheus.net -
Johannes Winkelmann -
Juergen Daubert -
Simone Rota