List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
Alec Warner wrote:
> Does anyone have a link to the no kernel GLSA news?
No link, I'm afraid. But here is an excerpt from the email I received:
"Thing is, we don't do Kernel GLSAs anymore : by the time all the kernel
sources in Portage get fixed, months had passed and the issue was
It's in the process of being remplaced by an Kernel Interactive Security
Status system (called KISS) that will help assess the current
vulnerabilities of your running kernel and help you chose when to
upgrade, along with specific "vulnerability alerts" telling people that
new big vulnerabilities have been found and to look into KISS for
information on fixed kernels. Exploitable Local Root vulnerabilities
would certainly trigger such an alert.
For the moment, the best way to get informed is to monitor the "Kernel"
component of the "Gentoo Security" product. Now that summer time and
2005.1 are over, I expect that KISS will be opened soon."
This isn't finger pointing, or anything like that at all. Gentoo is the
best distro for me, and that's why I use it, and everyone working on it
does a great job. It's just that I relied on the GLSAs, and never heard
anything to say that they weren't doing kernel GLSAs any more.
gpg : FC64 140F@...
firstname.lastname@example.org mailing list