Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Alex Legler <a3li@g.o>
Subject: Re: No GLSA since January?!?
Date: Fri, 26 Aug 2011 18:55:43 +0200
On Friday 26 August 2011 18:12:00 Christian Kauhaus wrote:
> Hi,
> 
> I'm wondering that may favorite Linux distro hasn't had any security
> announcements since January. In my opinion this is really problematic. At
> our company we try to convince prospective customers to host their
> applications on our Gentoo servers. When asked about security incident
> handling, I have to say: "They state 'Security is a primary focus' on their
> website, but they don't inform their users." Not very convincing.
> 

That's the issue with an all-volunteer team. We lost some active members and 
with that quite some momentum. The remainder of the team currently focuses on 
getting issues fixed, which actually works quite well. Users who are watching 
our alias in Bugzilla were informed about all updates.

Making advisories with the available tool and process set was very time-
intensive, I've been working on making that drafting process faster. The goal 
we currently have is to wrap up the pending advisories in September with a few 
large grouped advisories and resume sending advisories after that as usual.

Compared to other distributions, our advisories have been rather detailed with 
lots of manually researched information. I'm not sure if we can keep up this 
very high standard with the limited manpower, but we'll try our best.

For quite some time now, there has also been a staffing request on the 
website, with low-to-medium success (yielding 1 new team member). Most people 
interested didn't think the job came with that much boring work. (No, we're 
not hacking stuff all day)

> So what is the roadblock that hinders GLSA creation? Is there any way to get
> the GLSAs into working order again?

tl;dr: Get more people to do boring work.

Alex

-- 
Alex Legler <a3li@g.o>
Gentoo Security / Ruby
Attachment:
signature.asc (This is a digitally signed message part.)
Replies:
Re: No GLSA since January?!?
-- Christian Kauhaus
References:
No GLSA since January?!?
-- Christian Kauhaus
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: No GLSA since January?!?
Next by thread:
Re: No GLSA since January?!?
Previous by date:
Re: No GLSA since January?!?
Next by date:
Re: No GLSA since January?!?


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.