| 1 |
Council, I withdraw my suggestion to discuss security team's status |
| 2 |
during the Council's meeting. |
| 3 |
|
| 4 |
On 8/12/10 12:38 AM, Alex Legler wrote: |
| 5 |
> Please don't assume things. I'm working with someone interested in |
| 6 |
> joining the team right now. |
| 7 |
> We're about to schedule a meeting to address the lead thing. |
| 8 |
> You dind't ask for 'plans to solve the main problems'. You asked if you |
| 9 |
> could help, and that question was answered. |
| 10 |
|
| 11 |
The impression I got was "we don't have time to really train you, and |
| 12 |
it's not going to improve soon". Otherwise I would expect a message more |
| 13 |
like "we don't have time to train you now, but we're working hard on |
| 14 |
fixing things, so watch security@g.o now, and after 6 months we will be |
| 15 |
ready to train you properly". |
| 16 |
|
| 17 |
I'm not going to quote private e-mails here, but I searched back my |
| 18 |
inbox and re-read yours and Tobias' replies to make sure the above is |
| 19 |
accurate. |
| 20 |
|
| 21 |
Also, I volunteered to help with writing advisories for |
| 22 |
www-client/chromium (the question about CVEs has been forwarded |
| 23 |
upstream), I mean the entire advisory. I got no response. |
| 24 |
|
| 25 |
So I admit I assumed too much here, and I'm sorry it sounded like trying |
| 26 |
to fight (this is not my intention; see beginning of this post). |
| 27 |
|
| 28 |
I'd like to suggest a better visibility of the project. Security is an |
| 29 |
important part of Gentoo, so you can expect people outside of the |
| 30 |
project being concerned by what they see. When you work hard at fixing |
| 31 |
the long-term problems, please post somewhere that you do (or maybe I |
| 32 |
just missed such post earlier). |
| 33 |
|
| 34 |
Paweł |
Archives