1 |
Council, I withdraw my suggestion to discuss security team's status |
2 |
during the Council's meeting. |
3 |
|
4 |
On 8/12/10 12:38 AM, Alex Legler wrote: |
5 |
> Please don't assume things. I'm working with someone interested in |
6 |
> joining the team right now. |
7 |
> We're about to schedule a meeting to address the lead thing. |
8 |
> You dind't ask for 'plans to solve the main problems'. You asked if you |
9 |
> could help, and that question was answered. |
10 |
|
11 |
The impression I got was "we don't have time to really train you, and |
12 |
it's not going to improve soon". Otherwise I would expect a message more |
13 |
like "we don't have time to train you now, but we're working hard on |
14 |
fixing things, so watch security@g.o now, and after 6 months we will be |
15 |
ready to train you properly". |
16 |
|
17 |
I'm not going to quote private e-mails here, but I searched back my |
18 |
inbox and re-read yours and Tobias' replies to make sure the above is |
19 |
accurate. |
20 |
|
21 |
Also, I volunteered to help with writing advisories for |
22 |
www-client/chromium (the question about CVEs has been forwarded |
23 |
upstream), I mean the entire advisory. I got no response. |
24 |
|
25 |
So I admit I assumed too much here, and I'm sorry it sounded like trying |
26 |
to fight (this is not my intention; see beginning of this post). |
27 |
|
28 |
I'd like to suggest a better visibility of the project. Security is an |
29 |
important part of Gentoo, so you can expect people outside of the |
30 |
project being concerned by what they see. When you work hard at fixing |
31 |
the long-term problems, please post somewhere that you do (or maybe I |
32 |
just missed such post earlier). |
33 |
|
34 |
Paweł |