| 1 |
On 4/16/07, Calum <caluml@×××××.com> wrote: |
| 2 |
> But the infrastructure is already in place for GLSA's. |
| 3 |
|
| 4 |
With all due respect, you haven't the faintest idea how much work it |
| 5 |
takes to issue a GLSA. It's not a simple matter of typing some stuff |
| 6 |
in an email and hitting send. You have to chase devs down and get |
| 7 |
them to patch their stuff. You have to chase arch maintainers down |
| 8 |
and get them to test things and mark them stable. You have to chase |
| 9 |
security people down to draft the GLSA. You have to chase more |
| 10 |
security people down to peer review the GLSA. |
| 11 |
|
| 12 |
I don't know that we've ever formally quantified how much time an |
| 13 |
average GLSA takes, but my semi-educated guess would be in the |
| 14 |
neighborhood of 10 hours per package. |
| 15 |
|
| 16 |
Now, take that process and multiply it by the number of -sources in |
| 17 |
the tree and you can start to get an idea for how much time it takes |
| 18 |
to issue kernel updates. |
| 19 |
|
| 20 |
So, again, #gentoo-security is where you can start being part of the solution. |
| 21 |
|
| 22 |
--kurt |
| 23 |
-- |
| 24 |
gentoo-security@g.o mailing list |
Archives