[csw-maintainers] Security alerts and updates
Philip Brown
phil at bolthole.com
Thu Feb 5 22:52:11 CET 2009
On Thu, Feb 05, 2009 at 10:42:11PM +0100, William Bonnet wrote:
> Hi
>
>
> >> Should we set up a system to send security alerts ? a mailing list ? a
> >> rss feed ?
> > it's called "the announce list"
>
> I'm not really sure it is "enough" from a user point of view. I think it
> is important to find easily this kind of information on the web site for
> a user.
ok, so we need to publicise the announce list more?
> Moreover, the channel we use to send information is not the only point.
> It is easy to send the same announce to the list, to a blog (worpress
> allow posting from smtp) and to a rss feed.
true.
> But... my question is (blaming no one don't worry) how long since we
> last add a security announce on that list ?
how long has it been since we needed a security update?
the answer to both questions, is about the same I think.
a long time.
we dont do 'security only' updates very often.
> My point is not necessarily to change it, but to make it clear for
> users, to give them a easy access to this information. Some one who
> comes to the site should find the security alerts or where are the
> security alert in a minimal number of "mouse clicks" IMHO
please remember that, while having lots of information is potentialy good;
having a very cluttered top page, is bad.
in some ways, users are best protected from "security issues" by simply
always running the latest released versions of the packages they have
installed.
More information about the maintainers
mailing list