1 |
On Monday 16 April 2007 16:05, William L. Thomson Jr. wrote: |
2 |
> Not to mention in my case upstream had already acted or etc, so no |
3 |
> patching or etc was needed on my behalf. Just bumps and stabilization if |
4 |
> anything. |
5 |
Yeah, this is because the Security team is simply understaffed as has been the |
6 |
case for far too long. We only have a few very active members and due to |
7 |
process and QA stuff it simply takes time. I hope we're going to bring it |
8 |
down soon though. |
9 |
|
10 |
Try searching for bugs in ebuild+ or ebuild++ status, that should give a hint |
11 |
about what problems we face. Not to mention other + and ++ statuses. |
12 |
|
13 |
> Kernel issues must be a nightmare for the security team. |
14 |
Kernel issues are a nightmare because of the many sources and the way Gentoo |
15 |
handles kernel sources. emerge gentoo-sources won't magically fix your |
16 |
machine and besides not everyone want to upgrade their kernel for every small |
17 |
issue. That's why plasmaroo wrote KISS, sadly he left before it went public |
18 |
and now we waiting for another tool for kernel issues. It's not even on the |
19 |
horizon yet (at least not to my knowledge). This started out as a small |
20 |
problem that we thought would be temporary but has sadly turned kind of |
21 |
permanent without us informing users properly. So if you want to help get |
22 |
things back on track please join #gentoo-security and lets talk. |
23 |
|
24 |
-- |
25 |
Sune Kloppenborg Jeppesen |
26 |
Gentoo Linux Security Team |