Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Joost Roeleveld <joost@...>
Subject: Re: No GLSA since January?!?
Date: Fri, 26 Aug 2011 21:30:02 +0200
On Friday, August 26, 2011 08:07:57 PM Alex Legler wrote:
> On Friday 26 August 2011 20:00:15 Joost Roeleveld wrote:
> > On Friday, August 26, 2011 07:06:35 PM Christian Kauhaus wrote:
> > > Am 26.08.2011 18:55, schrieb Alex Legler:
> > > > Compared to other distributions, our advisories have been rather
> > > > detailed with lots of manually researched information. I'm not
> > > > sure
> > > > if
> > > > we can keep up this very high standard with the limited
> > > > manpower,
> > > > but
> > > > we'll try our best.
> > > 
> > > I see the point. I think it would be an achievement over the current
> > > situation (which is: no current GLSAs at all) to send out less
> > > detailed
> > > GLSAs. Even something short as: "$PACKAGE has vulnerabilities, they
> > > are
> > > fixed in $VERSION, for details see $CVE" would be immensely helpful.
> > > 
> > > Is the any viable way to get it at least to this point? Probably the
> > > largest part of such a task could be automated. This would lift the
> > > burden from the security maintainers.
> > 
> > I agree on this.
> > I don't (yet) know enough to actually help in this. I tend to follow
> > advisories and try to keep my machines as much up-to-date as possible.
> > 
> > More brief GSLAs like what Christian mentioned are, for the majority,
> > sufficient. If someone really needs more information, there is always
> > google.
> 
> Like I said, please use Bugzilla and some basic filtering to get
> notifications until we can provide full advisories again. I realize it's
> not a solution and you will get the information somewhat unfiltered, but it
> is a reliable and most importantly currently available source of
> information.
> 
> Alex

Alex,

If my reply seemed, in any way, to suggest I do not appreciate the amount of 
work that has been going into the GLSAs and the difficulty in finding the 
people to keep doing it, then I am sorry.
It wasn't meant to sound that way.

I'll go read the Padawan page and see if there is anything I can do.

For others, the padawan-page can be found here:
http://www.gentoo.org/security/en/padawans.xml

--
Joost


References:
No GLSA since January?!?
-- Christian Kauhaus
Re: No GLSA since January?!?
-- Joost Roeleveld
Re: No GLSA since January?!?
-- Alex Legler
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: No GLSA since January?!?
Next by thread:
Re: No GLSA since January?!?
Previous by date:
Re: No GLSA since January?!?
Next by date:
Re: No GLSA since January?!?


Updated May 10, 2012

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.