Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-project
Navigation:
Lists: gentoo-project: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-project@g.o
From: Steve Long <slong@...>
Subject: Re: Re: gentoo security and packages.gentoo.org
Date: Thu, 27 Sep 2007 16:40:41 +0100
Arturo Garcia wrote:
>> This is now all transparent public knowledge. As such no security team
>> worth their salt are going to leave these holes open. Remember that all
>> the code mentioned above has been freely available for several years.
> This is ridiculous.  We are trying to bring up a service that was brought
> down because a command-injection vulnerability, and that is the bug we are
> trying
> to close.  The solution to this problem is what has been required to be
> tested.  Please don't deviate with arguments work that has to be done.
>
No the point, as I see it, is that a security _audit_ of the code is now
being carried out. Not a fix to one bug. That's why it would be great if
the report were submitted. Or do you think it wise to bring the service
back up with known flaws?

I didn't write the lines about the whole service needing reworking either.
I'm just trying to explain why I think the process is being carried out
properly.


-- 
gentoo-project@g.o mailing list


Replies:
Re: gentoo security and packages.gentoo.org
-- Arturo Garcia
References:
gentoo security and packages.gentoo.org
-- Arturo Garcia
Re: gentoo security and packages.gentoo.org
-- Steve Long
Re: Re: gentoo security and packages.gentoo.org
-- Arturo Garcia
Navigation:
Lists: gentoo-project: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Re: gentoo security and packages.gentoo.org
Next by thread:
Re: gentoo security and packages.gentoo.org
Previous by date:
Re: Re: gentoo security and packages.gentoo.org
Next by date:
Re: gentoo security and packages.gentoo.org


Updated Jun 17, 2009

Summary: Archive of the gentoo-project mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.