Gentoo Archives: gentoo-security

From: "Brian G. Peterson" <brian@×××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Kernels and GLSAs
Date: Tue, 20 Sep 2005 12:21:38
Message-Id: 200509200716.37148.brian@braverock.com
In Reply to: [gentoo-security] Kernels and GLSAs by Calum
On Tuesday 20 September 2005 06:09 am, Calum wrote:
> I prefer the idea that tracking one source (GLSAs) would provide me with > all the information I needed to keep my Gentoo boxes secure, but if we > were all to change to a new system, perhaps the kernel GLSAs should have > overlapped with this new system until it was in, tested, and adopted?
While I think that kernels do need additional information to be supplied about a potential security hole (kernel security problems often occur in a module that many people may not use), I agree that kernel vulnerabilities should be published as GLSAs. I subscribe to the GLSA RSS feed, and scan that feed manually against my installed software list. The glsa-check tool is basically useless (as of gentoolkit-0.2.1_pre7), as it shows all GLSAs rather than just GLSAs for tools that correspond to packages installed on the system it is run on. This document here: http://www.gentoo.org/proj/en/portage/glsa-integration.xml talks about including glsa support directly in portage, which I think is the right idea. It mentions kerlnels as covered by glsa-check. In the end, I will be happy with any tool (preferably emerge and/or equery) that can check a running system's installed packages and tell me what GLSAs apply to that system. Regards, - Brian -- gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] Kernels and GLSAs Calum <gentoo-security@××××××××××××.uk>
Re: [gentoo-security] Kernels and GLSAs Marius Mauch <genone@g.o>
Re: [gentoo-security] Kernels and GLSAs Thierry Carrez <koon@g.o>
Re: [gentoo-security] Kernels and GLSAs "W.Kenworthy" <billk@×××××××××.au>