| 1 |
On 09-02-2011 08:57:25 -0500, Rich Freeman wrote: |
| 2 |
> Perhaps we should target having glsas published within a certain |
| 3 |
> amount of time after a vulnerability is disclosed, whether corrected |
| 4 |
> or not. We could re-publish a final notice once all is well. We |
| 5 |
> really shouldn't consider users safe from a security vulnerability |
| 6 |
> until the vulnerability is patched in the tree AND the notice to |
| 7 |
> update has been sent out. |
| 8 |
|
| 9 |
Excellent, take this up with the security team. Reevaluate which archs |
| 10 |
are security supported, and see if you can get a timeout policy |
| 11 |
implemented. |
| 12 |
|
| 13 |
|
| 14 |
-- |
| 15 |
Fabian Groffen |
| 16 |
Gentoo on a different level |
Archives