Hi KatolaZ,

KatolaZ writes:

> As many of us, I keep receiving DSAs. And as usual, we should be
> covered on these ones. If you think it might be useful, I might
> forward DSAs here. Or maybe somebody here would like to take care of
> putting together a summary of DSAs once a forthnight or so? That might
> be useful.

I'm one of those many and not just because I still have an odd Debian
machine running. I also keep getting them because I know that Devuan
will get most of its security upgrades straight from Debian anyway.

However, using a simple web search (using Duck Duck Go, if that matters)
I cannot seem to easily find anything on a Devuan website that clearly
spells this out. Perhaps that is something that can be improved? The
landing page lists

deb http://auto.mirror.devuan.org/merged jessie-security main

in the Packages section but there's no mention of how Devuan handles
security issues. A link to

https://devuan.org/os/security/

on the landing page as well as a blurb on that security page explaining
how things work would go a long way?

Personally, I have no problem with *not* getting duplicates of Debian's
DSAs. Then again, I also have no real problem with getting them ;-)
# Already get "duplicates" from Ubuntu as well :-/

What I'd definitely do like to see is Devuan Security Announcements for
the *forked* packages.

Hope this helps,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join