List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Friday 26 August 2011 20:00:15 Joost Roeleveld wrote:
> On Friday, August 26, 2011 07:06:35 PM Christian Kauhaus wrote:
> > Am 26.08.2011 18:55, schrieb Alex Legler:
> > > Compared to other distributions, our advisories have been rather
> > > detailed with lots of manually researched information. I'm not sure
> > > if
> > > we can keep up this very high standard with the limited manpower,
> > > but
> > > we'll try our best.
> > I see the point. I think it would be an achievement over the current
> > situation (which is: no current GLSAs at all) to send out less detailed
> > GLSAs. Even something short as: "$PACKAGE has vulnerabilities, they are
> > fixed in $VERSION, for details see $CVE" would be immensely helpful.
> > Is the any viable way to get it at least to this point? Probably the
> > largest part of such a task could be automated. This would lift the
> > burden from the security maintainers.
> I agree on this.
> I don't (yet) know enough to actually help in this. I tend to follow
> advisories and try to keep my machines as much up-to-date as possible.
> More brief GSLAs like what Christian mentioned are, for the majority,
> sufficient. If someone really needs more information, there is always
Like I said, please use Bugzilla and some basic filtering to get notifications
until we can provide full advisories again. I realize it's not a solution and
you will get the information somewhat unfiltered, but it is a reliable and
most importantly currently available source of information.
Alex Legler <firstname.lastname@example.org>
Gentoo Security / Ruby
signature.asc (This is a digitally signed message part.)