Am 12.05.2011 21:51, schrieb Ralf Ronneburger:
as a first step it would be good to have an overview on the evergreen-page about what security problems need fixing like:
CVE-XYZ from 05.05.2011 - in progress CVE-XXY from 06.05.2011 - open CVE-XYY from 10.05.2011 - fixed
That would also make it easier for others to help.
hmm, ok, so the "open" status is missing in the current page: http://en.opensuse.org/openSUSE:Evergreen_11.1 If I'd expect that someone grabs open ones to work on them it would make sense to add them but honestly there are almost no "others".
About the acceptable delay - it depends on the type and severity of the problem and on the package affected - I can't give you a general number. In the end it will be compared to the other vendors, so it should not be much slower than them.
Evergreen was not really started to compete with the others but because it's better to have updates at all than running the systems w/o any updates. I know that is not enough but it's all we can provide at the moment.