1 |
On 09-02-2011 08:57:25 -0500, Rich Freeman wrote: |
2 |
> Perhaps we should target having glsas published within a certain |
3 |
> amount of time after a vulnerability is disclosed, whether corrected |
4 |
> or not. We could re-publish a final notice once all is well. We |
5 |
> really shouldn't consider users safe from a security vulnerability |
6 |
> until the vulnerability is patched in the tree AND the notice to |
7 |
> update has been sent out. |
8 |
|
9 |
Excellent, take this up with the security team. Reevaluate which archs |
10 |
are security supported, and see if you can get a timeout policy |
11 |
implemented. |
12 |
|
13 |
|
14 |
-- |
15 |
Fabian Groffen |
16 |
Gentoo on a different level |