I really like Arch. I switched about a year ago after being a Debian
user for nine years.  There is something that troubles me though about
Arch.  Its lack of security focus.  By this I mean there is no
consistent way that security issues are dealt with.  There was a
proposal for 'The Arch Linux Security Team' but it seems to have fallen
by the wayside[1].  I propose to resurrect this in the spirit of Arch's
users becoming contributors.

I, hopefully not alone wish to draw up a list of processes that can be
used to create a dedicated Arch Linux security team that can deal
quickly and efficiently with security alerts.  It would need to be able
to liaise successfully with Arch developers and hopefully over time
security team members can become trusted users.

I'm mentioning it now as I notice that an Arch Conference is being
organised in Canada.  One of my proposals (shamefully stolen from
Debian) would be to have key-signing parties at Arch Linux meet-ups.
This could then be used to create an Arch Linux web of trust.

So basically I'm going to get my ideas into writing and post them on
this list. I hope others will be willing to come forward and contribute
too.  After some discussion we should be able to reach a consensus and
start giving security issues the priority they deserve.


Ananda Samaddar

[1] http://wiki.archlinux.org/index.php/Security_Task_Force

Attachment: signature.asc
Description: PGP signature

Reply via email to