Andreas Jaeger wrote:
> What I don't know yet is how the interaction should work.
Same here. In case I figure it out, I will suggest some steps ;)
> We currently need to have a Novell packager to answer these questions:
> * how to handle security updates?
In my opinion, these packages should go in _regular_ security maintenance using the same process except for some changes:
* We add some community manpower to the security and maintenance team (how? dunno)
* We either open SWAMP or create an alternative process to actually deliver the updates (again, how? no idea..)
* Packages get minor version updates when security issues appear, if there is no minor version update and major version updates are incompatible or there are other dependent packages that will break, create "backports" of fixes.
> Some of these are confidential when they get reported?
Issues are sometimes confidential for a while in order to allow vendors to release fixes before it goes public... I think it is not possible to force volunteers to deliver a fix in a certain number of days/weeks, considering they work in their spare time..
> * how to handle maintenance for enterprise products for these packages?
Awww.. this is getting tricky.. :-)

--
"Divinity and Lust Are forever forbidden to meet"
Cristian Rodríguez R.
Platform/OpenSUSE - Core Services
SUSE LINUX Products GmbH
Research & Development
http://www.opensuse.org/