[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Security Announcements
 Date:  Fri, 27 Aug 2004 11:20:44 +0200 
On 27.08.2004 02:19 -0400, Chris Buechler wrote:

> It should probably be made standard practice (and it may already be)
> that a mailing goes out to the -announce list for any security
> vulnerabilities in the system.

It already is. In case that a security problem with m0n0wall or any
of its components is found, it will of course be fixed in the latest
release branch (i.e. if one was found in m0n0wall 1.1, something like
m0n0wall 1.11 would be released), along with a screaming announcement
on the m0n0wall and m0n0wall-announce mailing lists and the news
section of the website.
 
> If this is the policy, IMHO, it should be stated on the website.
> And I think it would be good to put a recommendation to subscribe
> to the list on the download page.

Done (on the security page, because that's where it belongs).

- Manuel