1 |
Alec Warner wrote: |
2 |
|
3 |
> Does anyone have a link to the no kernel GLSA news? |
4 |
|
5 |
No link, I'm afraid. But here is an excerpt from the email I received: |
6 |
|
7 |
"Thing is, we don't do Kernel GLSAs anymore : by the time all the kernel |
8 |
sources in Portage get fixed, months had passed and the issue was |
9 |
forgotten/exploited already. |
10 |
|
11 |
It's in the process of being remplaced by an Kernel Interactive Security |
12 |
Status system (called KISS) that will help assess the current |
13 |
vulnerabilities of your running kernel and help you chose when to |
14 |
upgrade, along with specific "vulnerability alerts" telling people that |
15 |
new big vulnerabilities have been found and to look into KISS for |
16 |
information on fixed kernels. Exploitable Local Root vulnerabilities |
17 |
would certainly trigger such an alert. |
18 |
|
19 |
For the moment, the best way to get informed is to monitor the "Kernel" |
20 |
component of the "Gentoo Security" product. Now that summer time and |
21 |
2005.1 are over, I expect that KISS will be opened soon." |
22 |
|
23 |
|
24 |
This isn't finger pointing, or anything like that at all. Gentoo is the |
25 |
best distro for me, and that's why I use it, and everyone working on it |
26 |
does a great job. It's just that I relied on the GLSAs, and never heard |
27 |
anything to say that they weren't doing kernel GLSAs any more. |
28 |
|
29 |
Calum |
30 |
|
31 |
-- |
32 |
gpg : FC64 140F@××××××××××××××.net |
33 |
jabber: calum@×××××××××××.org |
34 |
-- |
35 |
gentoo-security@g.o mailing list |