On 09-02-2011 08:57:25 -0500, Rich Freeman wrote:
> Perhaps we should target having glsas published within a certain
> amount of time after a vulnerability is disclosed, whether corrected
> or not. We could re-publish a final notice once all is well. We
> really shouldn't consider users safe from a security vulnerability
> until the vulnerability is patched in the tree AND the notice to
> update has been sent out.
Excellent, take this up with the security team. Reevaluate which archs
are security supported, and see if you can get a timeout policy
implemented.
GSLA improvements (WAS: avoiding urgent stabilisations)
