Marcus Meissner wrote:
> My slides are here: http://files.opensuse.org/opensuse/en/a/a1/FOSDEM_security_process.pdf

I wish I could attend :-(

Do you mean that you work in parallel with the original developers of the application? For example, if a vulnerability is seen in Apache, I guess the Apache team warns all the pro clients, so as not to do the same work twice.

This is maybe what is lacking in your slides: what part SUSE/Novell has in the external teams. Do you have a Novell member in the Apache team (for example), at least time-sharing? Is such work frequent? Rare? Case by case?

I've seen very different figures for the number of SUSE/Novell employees working on Linux (SUSE and pro), from 100 to 1000 :-) What is the real approx number, and of this number, what is the part that does security fixes?

Its mean. If all the people work together, all fixes are released at approx the same time (you, Apache, Red Hat, Debian...). If SUSE works mainly on its side, maybe it's first, maybe it's late?

I'll try to summarise all this on a page :-)

thanks
jdd

--
http://www.dodin.net
http://dodin.org/galerie_photo_web/expo/index.html
http://lucien.dodin.net
http://fr.susewiki.org/index.php?title=Gérer_ses_photos