1 |
On Friday 26 August 2011 18:12:00 Christian Kauhaus wrote: |
2 |
> Hi, |
3 |
> |
4 |
> I'm wondering that may favorite Linux distro hasn't had any security |
5 |
> announcements since January. In my opinion this is really problematic. At |
6 |
> our company we try to convince prospective customers to host their |
7 |
> applications on our Gentoo servers. When asked about security incident |
8 |
> handling, I have to say: "They state 'Security is a primary focus' on their |
9 |
> website, but they don't inform their users." Not very convincing. |
10 |
> |
11 |
|
12 |
That's the issue with an all-volunteer team. We lost some active members and |
13 |
with that quite some momentum. The remainder of the team currently focuses on |
14 |
getting issues fixed, which actually works quite well. Users who are watching |
15 |
our alias in Bugzilla were informed about all updates. |
16 |
|
17 |
Making advisories with the available tool and process set was very time- |
18 |
intensive, I've been working on making that drafting process faster. The goal |
19 |
we currently have is to wrap up the pending advisories in September with a few |
20 |
large grouped advisories and resume sending advisories after that as usual. |
21 |
|
22 |
Compared to other distributions, our advisories have been rather detailed with |
23 |
lots of manually researched information. I'm not sure if we can keep up this |
24 |
very high standard with the limited manpower, but we'll try our best. |
25 |
|
26 |
For quite some time now, there has also been a staffing request on the |
27 |
website, with low-to-medium success (yielding 1 new team member). Most people |
28 |
interested didn't think the job came with that much boring work. (No, we're |
29 |
not hacking stuff all day) |
30 |
|
31 |
> So what is the roadblock that hinders GLSA creation? Is there any way to get |
32 |
> the GLSAs into working order again? |
33 |
|
34 |
tl;dr: Get more people to do boring work. |
35 |
|
36 |
Alex |
37 |
|
38 |
-- |
39 |
Alex Legler <a3li@g.o> |
40 |
Gentoo Security / Ruby |