List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On 4/16/07, Calum <caluml@...> wrote:
> But the infrastructure is already in place for GLSA's.
With all due respect, you haven't the faintest idea how much work it
takes to issue a GLSA. It's not a simple matter of typing some stuff
in an email and hitting send. You have to chase devs down and get
them to patch their stuff. You have to chase arch maintainers down
and get them to test things and mark them stable. You have to chase
security people down to draft the GLSA. You have to chase more
security people down to peer review the GLSA.
I don't know that we've ever formally quantified how much time an
average GLSA takes, but my semi-educated guess would be in the
neighborhood of 10 hours per package.
Now, take that process and multiply it by the number of -sources in
the tree and you can start to get an idea for how much time it takes
to issue kernel updates.
So, again, #gentoo-security is where you can start being part of the solution.
email@example.com mailing list