Gentoo Archives: gentoo-security

From: Kurt Lieber <klieber@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Days of yore
Date: Mon, 16 Apr 2007 13:44:38
Message-Id: 82d43d110704160632u5a703816wa038267fd3b92e87@mail.gmail.com
In Reply to: Re: [gentoo-security] Days of yore by Calum
On 4/16/07, Calum <caluml@×××××.com> wrote:
> But the infrastructure is already in place for GLSA's.
With all due respect, you haven't the faintest idea how much work it takes to issue a GLSA. It's not a simple matter of typing some stuff in an email and hitting send. You have to chase devs down and get them to patch their stuff. You have to chase arch maintainers down and get them to test things and mark them stable. You have to chase security people down to draft the GLSA. You have to chase more security people down to peer review the GLSA. I don't know that we've ever formally quantified how much time an average GLSA takes, but my semi-educated guess would be in the neighborhood of 10 hours per package. Now, take that process and multiply it by the number of -sources in the tree and you can start to get an idea for how much time it takes to issue kernel updates. So, again, #gentoo-security is where you can start being part of the solution. --kurt -- gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] Days of yore "William L. Thomson Jr." <wltjr@g.o>