| 1 |
On Thu, 2004-03-18 at 09:28, Joshua Brindle wrote: |
| 2 |
> This wasn't anything that we didn't already know about, we already know |
| 3 |
> we don't have access to vulnerability reports before the 'mass public', |
| 4 |
> we already know we are undermanned, we already know our process is in a |
| 5 |
> transition state. What *you* need to know is that we are doing what we |
| 6 |
> can with the resources we have, and trying every day to get more |
| 7 |
> resources. If you don't like it you can help us, we *are* a community |
| 8 |
> distribution, not a commercial distribution that can pay for a full time |
| 9 |
> security team, nor are we a distribution with the amount of 'clout' it |
| 10 |
> takes to get early advirsories. |
| 11 |
> |
| 12 |
> My suggestion to you is one of the following |
| 13 |
> 1) help make the team better by participating |
| 14 |
> 2) paying for a full time security team |
| 15 |
> 3) deal with it. |
| 16 |
|
| 17 |
This is either a great idea, or a total bomb... I can't quite tell, so I |
| 18 |
thought I might as well mention it... |
| 19 |
|
| 20 |
What about creating a 'Support the Developers' page? I think paypal |
| 21 |
donations to gentoo would be rather difficult to implement (who would |
| 22 |
get the money?), but it would be a nice place to list requests for |
| 23 |
(reasonable) hardware donations as well as employment availability. We |
| 24 |
would list the availability and region of -core developers, and |
| 25 |
businesses needing their services could contract out support (or even |
| 26 |
full-time staffing) from the developer. |
| 27 |
|
| 28 |
--Jeremy |
Archives