Security is more and more important nowadays and I'm regularly building packages upgrades that represent secuirity fixes. However, unless you follow the ChangeLog.txt file in the repostory you won't be able to understand whether the upgrades offered on SlackPack are addressing security issues or not. I have decided since some time to provide more visibitliy to security fixes on the site and I finally managed to do so.
The packages that are security fixes would be highlighted with red background in different places on the site in the following ways:
- in Latest packages on main page;
- in all the searches;
- on packages details page:
- a red box would appear at the top explaineding the special status of
the package, suggesting to be installed as soon as possible (only
latest builds). There are links to
ChangeLog.txtfile and the repository (from primary FTP);
- in Package history and Other formats tables security fixes would be highlighted;
- a red box would appear at the top explaineding the special status of the package, suggesting to be installed as soon as possible (only latest builds). There are links to
- uppon registration packages would me marked as security fix or not.
I hope that like this you'll have more information about the pacakges that are security fixes, so you could prioritize your upgrades. I have always tried to provide pacakge upgrades as soon as possible and in the case where these address secirity issues, I try to build on the same day of upstrem release for which I'm following several houndreds of mailing lists, so now these would have better visibility on the site as well.