Setup security infrastructure and processes
As has been mentioned a bit lately we should start putting the key infrastructure in place for security support for Devuan. Initially this should cover provision of replication of debian security updates - except where packages we maintain a fork for are implicated - we need to trap these early and push our own version of the patched packages. Additionally provide a team to handle issues directly effecting devuans own packages, particularly tools like vdev, netman and other packages which are being developed primarily for being released in Devuan.
I've registered the irc channel #devuan-security it's currently open to all.
@jaromil: Can you please setup 2 mailinglists - "security-discuss" invite only - for the security team usage and "security-announce" for announcing the release of security updates.
@nextime: can you setup support in the build infrastructure for security updates ... suggest sub-branches
security-<stable suite> for jessie..
What are your thoughts on security for testing & unstable? Should the security updates go straight in to testing (ascii) and unstable (ceres) with the suffix