On Thursday 27 Sep 2007, Steve Long wrote:
> No the point, as I see it, is that a security _audit_ of the code is now
> being carried out. Not a fix to one bug. 
As I said, fine with me, but *do* it and then close the bug.  Open new ones, 
assign them and link them to the original bug if you wish.  We act on them 
and we close them as well.

> That's why it would be great if the report were submitted. Or do you think
> it wise to bring the service back up with known flaws?
What report?!? Onkobu offered help in auditing any future patches if anybody 
required so. Nothing more. Unfortunately, he got angry (no wonder) and pulled 
out. Maybe he is now running another distro... I haven't been in touch with 
him.

Regarding the flaws, as I said, look at the code and find for yourself.  As 
far as I know, Tavis *has* reviewed the patch and the code.  All what is 
outstanding is for the site to be tested.  If he opens new bugs, then we will 
patch and close them.

> I didn't write the lines about the whole service needing reworking either.
> I'm just trying to explain why I think the process is being carried out
> properly.
?_? again.  I don't understand what are you trying to say?!?  I don't see the 
correlation between this and your (or my) first post. Sorry.

As a summary, the next step now is for security@g.o to their work (as 
Infra has *repeatedly* said and requested).  If someone can poke them to do 
so please, it will be highly appreciated.  If they audit, test, or jump on 
one foot while holding raw eggs on their head I don't care. It's their job. 
Bug please test and come back to us.  Thanks.

A.
-- 
gentoo-project@g.o mailing list