Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-project
Navigation:
Lists: gentoo-project: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-project@g.o
From: Arturo Garcia <arturo.g.arturo@...>
Subject: Re: gentoo security and packages.gentoo.org
Date: Fri, 28 Sep 2007 09:02:40 +0200
On Thursday 27 Sep 2007, Steve Long wrote:
> No the point, as I see it, is that a security _audit_ of the code is now
> being carried out. Not a fix to one bug. 
As I said, fine with me, but *do* it and then close the bug.  Open new ones, 
assign them and link them to the original bug if you wish.  We act on them 
and we close them as well.

> That's why it would be great if the report were submitted. Or do you think
> it wise to bring the service back up with known flaws?
What report?!? Onkobu offered help in auditing any future patches if anybody 
required so. Nothing more. Unfortunately, he got angry (no wonder) and pulled 
out. Maybe he is now running another distro... I haven't been in touch with 
him.

Regarding the flaws, as I said, look at the code and find for yourself.  As 
far as I know, Tavis *has* reviewed the patch and the code.  All what is 
outstanding is for the site to be tested.  If he opens new bugs, then we will 
patch and close them.

> I didn't write the lines about the whole service needing reworking either.
> I'm just trying to explain why I think the process is being carried out
> properly.
?_? again.  I don't understand what are you trying to say?!?  I don't see the 
correlation between this and your (or my) first post. Sorry.

As a summary, the next step now is for security@g.o to their work (as 
Infra has *repeatedly* said and requested).  If someone can poke them to do 
so please, it will be highly appreciated.  If they audit, test, or jump on 
one foot while holding raw eggs on their head I don't care. It's their job. 
Bug please test and come back to us.  Thanks.

A.
-- 
gentoo-project@g.o mailing list


Replies:
Re: gentoo security and packages.gentoo.org
-- Steve Long
References:
gentoo security and packages.gentoo.org
-- Arturo Garcia
Re: Re: gentoo security and packages.gentoo.org
-- Arturo Garcia
Re: Re: gentoo security and packages.gentoo.org
-- Steve Long
Navigation:
Lists: gentoo-project: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Re: gentoo security and packages.gentoo.org
Next by thread:
Re: gentoo security and packages.gentoo.org
Previous by date:
Re: Re: gentoo security and packages.gentoo.org
Next by date:
Re: gentoo security and packages.gentoo.org


Updated Jun 17, 2009

Summary: Archive of the gentoo-project mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.