Gentoo Archives: gentoo-project

From: Arturo Garcia <arturo.g.arturo@×××××.com>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] gentoo security and packages.gentoo.org
Date: Fri, 28 Sep 2007 07:11:53
Message-Id: 200709280902.40733.arturo.g.arturo@gmail.com
In Reply to: [gentoo-project] Re: Re: gentoo security and packages.gentoo.org by Steve Long
On Thursday 27 Sep 2007, Steve Long wrote:
> No the point, as I see it, is that a security _audit_ of the code is now
> being carried out. Not a fix to one bug.
As I said, fine with me, but *do* it and then close the bug. Open new ones, assign them and link them to the original bug if you wish. We act on them and we close them as well.
> That's why it would be great if the report were submitted. Or do you think
> it wise to bring the service back up with known flaws?
What report?!? Onkobu offered help in auditing any future patches if anybody required it. Nothing more. Unfortunately, he got angry (no wonder) and pulled out. Maybe he is now running another distro... I haven't been in touch with him.

Regarding the flaws, as I said, look at the code and find them for yourself. As far as I know, Tavis *has* reviewed the patch and the code. All that is outstanding is for the site to be tested. If he opens new bugs, then we will patch and close them.
> I didn't write the lines about the whole service needing reworking either.
> I'm just trying to explain why I think the process is being carried out
> properly.
?_? again. I don't understand what you are trying to say?!? I don't see the correlation between this and your (or my) first post. Sorry.

As a summary, the next step now is for security@g.o to do their work (as Infra has *repeatedly* said and requested). If someone can poke them to do so please, it will be highly appreciated. If they audit, test, or jump on one foot while holding raw eggs on their head I don't care. It's their job. But please test and come back to us.

Thanks.

A.
--
gentoo-project@g.o mailing list

Replies

Subject Author
[gentoo-project] Re: gentoo security and packages.gentoo.org Steve Long <slong@××××××××××××××××××.uk>