| 1 |
Alec Warner wrote: |
| 2 |
|
| 3 |
> Does anyone have a link to the no kernel GLSA news? |
| 4 |
|
| 5 |
No link, I'm afraid. But here is an excerpt from the email I received: |
| 6 |
|
| 7 |
"Thing is, we don't do Kernel GLSAs anymore : by the time all the kernel |
| 8 |
sources in Portage get fixed, months had passed and the issue was |
| 9 |
forgotten/exploited already. |
| 10 |
|
| 11 |
It's in the process of being remplaced by an Kernel Interactive Security |
| 12 |
Status system (called KISS) that will help assess the current |
| 13 |
vulnerabilities of your running kernel and help you chose when to |
| 14 |
upgrade, along with specific "vulnerability alerts" telling people that |
| 15 |
new big vulnerabilities have been found and to look into KISS for |
| 16 |
information on fixed kernels. Exploitable Local Root vulnerabilities |
| 17 |
would certainly trigger such an alert. |
| 18 |
|
| 19 |
For the moment, the best way to get informed is to monitor the "Kernel" |
| 20 |
component of the "Gentoo Security" product. Now that summer time and |
| 21 |
2005.1 are over, I expect that KISS will be opened soon." |
| 22 |
|
| 23 |
|
| 24 |
This isn't finger pointing, or anything like that at all. Gentoo is the |
| 25 |
best distro for me, and that's why I use it, and everyone working on it |
| 26 |
does a great job. It's just that I relied on the GLSAs, and never heard |
| 27 |
anything to say that they weren't doing kernel GLSAs any more. |
| 28 |
|
| 29 |
Calum |
| 30 |
|
| 31 |
-- |
| 32 |
gpg : FC64 140F@××××××××××××××.net |
| 33 |
jabber: calum@×××××××××××.org |
| 34 |
-- |
| 35 |
gentoo-security@g.o mailing list |
Archives