On 27.08.2004 02:19 -0400, Chris Buechler wrote:
> It should probably be made standard practice (and it may already be)
> that a mailing goes out to the -announce list for any security
> vulnerabilities in the system.
It already is. In case that a security problem with m0n0wall or any
of its components is found, it will of course be fixed in the latest
release branch (i.e. if one was found in m0n0wall 1.1, something like
m0n0wall 1.11 would be released), along with a screaming announcement
on the m0n0wall and m0n0wall-announce mailing lists and the news
section of the website.
> If this is the policy, IMHO, it should be stated on the website.
> And I think it would be good to put a recommendation to subscribe
> to the list on the download page.
Done (on the security page, because that's where it belongs).