1 |
On 4/16/07, Calum <caluml@×××××.com> wrote: |
2 |
> But the infrastructure is already in place for GLSA's. |
3 |
|
4 |
With all due respect, you haven't the faintest idea how much work it |
5 |
takes to issue a GLSA. It's not a simple matter of typing some stuff |
6 |
in an email and hitting send. You have to chase devs down and get |
7 |
them to patch their stuff. You have to chase arch maintainers down |
8 |
and get them to test things and mark them stable. You have to chase |
9 |
security people down to draft the GLSA. You have to chase more |
10 |
security people down to peer review the GLSA. |
11 |
|
12 |
I don't know that we've ever formally quantified how much time an |
13 |
average GLSA takes, but my semi-educated guess would be in the |
14 |
neighborhood of 10 hours per package. |
15 |
|
16 |
Now, take that process and multiply it by the number of -sources in |
17 |
the tree and you can start to get an idea for how much time it takes |
18 |
to issue kernel updates. |
19 |
|
20 |
So, again, #gentoo-security is where you can start being part of the solution. |
21 |
|
22 |
--kurt |
23 |
-- |
24 |
gentoo-security@g.o mailing list |