1 |
Alex. |
2 |
|
3 |
May be a call for volunteers more "intense" could improve the manpower. This |
4 |
could be a more |
5 |
easy start point to address, no?. |
6 |
I work too in some [smaller] security processes and can figure out what kind |
7 |
of work are you talking about. |
8 |
|
9 |
As Kauhaus pointed, may be somethings should be automated but again, this is |
10 |
a hard job to |
11 |
implement and to keep results trustable. |
12 |
|
13 |
I'd started following this list recently and yet does not know how |
14 |
work fluxes are performed here but, may be, this could be a good place to |
15 |
start a review of GLSA processes, what |
16 |
do you think about this? |
17 |
|
18 |
|
19 |
Regards, |
20 |
|
21 |
|
22 |
Daniel A. Avelino |
23 |
|
24 |
I thought its time |
25 |
|
26 |
On Fri, Aug 26, 2011 at 1:57 PM, JD Horelick <jdhore1@×××××.com> wrote: |
27 |
|
28 |
> On 26 August 2011 12:43, Christoph Jasinski <Krzysiek@×××.net> wrote: |
29 |
> > Dear Christian |
30 |
> > |
31 |
> > Everything is secure. No reason to write GLSAs or to panic. ;) |
32 |
> > |
33 |
> > |
34 |
> > Chris |
35 |
> > |
36 |
> > Am 26.08.2011 um 18:12 schrieb Christian Kauhaus: |
37 |
> > |
38 |
> >> Hi, |
39 |
> >> |
40 |
> >> I'm wondering that may favorite Linux distro hasn't had any security |
41 |
> announcements since January. In my opinion this is really problematic. At |
42 |
> our company we try to convince prospective customers to host their |
43 |
> applications on our Gentoo servers. When asked about security incident |
44 |
> handling, I have to say: "They state 'Security is a primary focus' on their |
45 |
> website, but they don't inform their users." Not very convincing. |
46 |
> >> |
47 |
> >> So what is the roadblock that hinders GLSA creation? Is there any way to |
48 |
> get the GLSAs into working order again? |
49 |
> >> |
50 |
> >> Regards |
51 |
> >> |
52 |
> >> Christian |
53 |
> >> |
54 |
> >> -- |
55 |
> >> Dipl.-Inf. Christian Kauhaus <>< · kc@××××××.com · systems |
56 |
> administration |
57 |
> >> gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany |
58 |
> >> http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1 |
59 |
> >> Zope and Plone consulting and development |
60 |
> >> |
61 |
> > |
62 |
> > |
63 |
> > |
64 |
> |
65 |
> I'm sorry, but I disagree with that. I've been an (unofficial) x86 |
66 |
> Archtester for only 2 weeks or so and since then, i've seen more than |
67 |
> a few stabilizations needed to address security issues. Also, i've |
68 |
> noticed this same problem of not seeing many/any GLSA's in recent |
69 |
> history. As an example, in the past month, Debian has had 13 security |
70 |
> advisories. I personally doubt that we (Gentoo) don't have to worry |
71 |
> about ANY of those 13 advisories... |
72 |
> |
73 |
> |