1 |
On Friday, August 26, 2011 08:07:57 PM Alex Legler wrote: |
2 |
> On Friday 26 August 2011 20:00:15 Joost Roeleveld wrote: |
3 |
> > On Friday, August 26, 2011 07:06:35 PM Christian Kauhaus wrote: |
4 |
> > > Am 26.08.2011 18:55, schrieb Alex Legler: |
5 |
> > > > Compared to other distributions, our advisories have been rather |
6 |
> > > > detailed with lots of manually researched information. I'm not |
7 |
> > > > sure |
8 |
> > > > if |
9 |
> > > > we can keep up this very high standard with the limited |
10 |
> > > > manpower, |
11 |
> > > > but |
12 |
> > > > we'll try our best. |
13 |
> > > |
14 |
> > > I see the point. I think it would be an achievement over the current |
15 |
> > > situation (which is: no current GLSAs at all) to send out less |
16 |
> > > detailed |
17 |
> > > GLSAs. Even something short as: "$PACKAGE has vulnerabilities, they |
18 |
> > > are |
19 |
> > > fixed in $VERSION, for details see $CVE" would be immensely helpful. |
20 |
> > > |
21 |
> > > Is the any viable way to get it at least to this point? Probably the |
22 |
> > > largest part of such a task could be automated. This would lift the |
23 |
> > > burden from the security maintainers. |
24 |
> > |
25 |
> > I agree on this. |
26 |
> > I don't (yet) know enough to actually help in this. I tend to follow |
27 |
> > advisories and try to keep my machines as much up-to-date as possible. |
28 |
> > |
29 |
> > More brief GSLAs like what Christian mentioned are, for the majority, |
30 |
> > sufficient. If someone really needs more information, there is always |
31 |
> > google. |
32 |
> |
33 |
> Like I said, please use Bugzilla and some basic filtering to get |
34 |
> notifications until we can provide full advisories again. I realize it's |
35 |
> not a solution and you will get the information somewhat unfiltered, but it |
36 |
> is a reliable and most importantly currently available source of |
37 |
> information. |
38 |
> |
39 |
> Alex |
40 |
|
41 |
Alex, |
42 |
|
43 |
If my reply seemed, in any way, to suggest I do not appreciate the amount of |
44 |
work that has been going into the GLSAs and the difficulty in finding the |
45 |
people to keep doing it, then I am sorry. |
46 |
It wasn't meant to sound that way. |
47 |
|
48 |
I'll go read the Padawan page and see if there is anything I can do. |
49 |
|
50 |
For others, the padawan-page can be found here: |
51 |
http://www.gentoo.org/security/en/padawans.xml |
52 |
|
53 |
-- |
54 |
Joost |