Gentoo Archives: gentoo-security

From: Alex Legler <a3li@g.o>
To: gentoo-security <gentoo-security@l.g.o>
Subject: Re: [gentoo-security] Kernel Security Update Target Delay?
Date: Sun, 26 Sep 2010 22:04:37
Message-Id: 1285536466-sup-5552@stingray
In Reply to: Re: [gentoo-security] Kernel Security Update Target Delay? by Calum
Excerpts from Calum's message of Sun Sep 26 19:28:01 +0200 2010:
> On 26 September 2010 11:31, Richard Freeman <rich0@g.o> wrote: > > Gentoo has been vulnerable to a highly-publicized (Guardian, Slashdot, > > the works) local privilege escalation for almost two weeks now.  (Well, > > it has been vulnerable for years, but of course we didn't know about it > > until two weeks ago.) > > > > In the bugzilla thread tracking the problem it has been mentioned a few > > times that the kernel does not receive GLSA support: > > http://bugs.gentoo.org/show_bug.cgi?id=337645 > > Kernels used to be covered in GLSAs. > I mourned the loss of kernel GLSAs quite a while back. > http://blog.gmane.org/gmane.linux.gentoo.security/month=20070401
I kindly request follow-up posters to not post +1's in this thread.
> […] > I still don't understand why there isn't a single security alert point > of reference that covers everything on a Gentoo box though. > What would it take to get kernels included again?
Kernel sources will not be included in the GLSA system again. The whole process was designed for userland packages, not kernel sources. We hope to get the kernel-check [1] utility to serve this purpose one day. The invitation Kurt extended to contact us and help is still standing. [1] http://git.overlays.gentoo.org/gitweb/?p=proj/kernel-check.git;a=summary -- Alex Legler <a3li@g.o> Gentoo Security/Ruby

Attachments

File name MIME type
signature.asc application/pgp-signature