Gentoo Archives: gentoo-security

From: Calum <caluml@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Kernel Security Update Target Delay?
Date: Sun, 26 Sep 2010 18:03:52
Message-Id: AANLkTin91N0ZJe5o4D9HpDX7J3HF0aXqSRrdV8+mFXCF@mail.gmail.com
In Reply to: [gentoo-security] Kernel Security Update Target Delay? by Richard Freeman
On 26 September 2010 11:31, Richard Freeman <rich0@g.o> wrote:
> Gentoo has been vulnerable to a highly-publicized (Guardian, Slashdot, > the works) local privilege escalation for almost two weeks now.  (Well, > it has been vulnerable for years, but of course we didn't know about it > until two weeks ago.) > > In the bugzilla thread tracking the problem it has been mentioned a few > times that the kernel does not receive GLSA support: > http://bugs.gentoo.org/show_bug.cgi?id=337645
Kernels used to be covered in GLSAs. I mourned the loss of kernel GLSAs quite a while back. http://blog.gmane.org/gmane.linux.gentoo.security/month=20070401 Kernels used to be included, but apparently it was too much work getting all the version kernel versions in sync. I used to have script that emailed me applicable GLSAs, and I never heard that they stopped including the kernel, so I was miffed when I found out. I still don't understand why there isn't a single security alert point of reference that covers everything on a Gentoo box though. What would it take to get kernels included again? /meh. PS. Hardened Gentoo still rocks though.

Replies

Subject Author
Re: [gentoo-security] Kernel Security Update Target Delay? Alex Legler <a3li@g.o>