On Feb 16, 2008 10:57 PM, Casey Link <unnamedrambler@...> wrote:
> After reading the tangent topic in bug id 209460 concerning kernel
> vulnerabilities and GLSAs I did some searching and
> came across the "Kernels and GLSAs" thread from awhile ago.
And here's another one:
I started this one, and share the same views as then.
It might be boring work, (and no, I can't do it - I'm just a user of
Gentoo), but it's just strange to leave out the core on which all
other packages utilise, and depend on.
Perhaps a compromise could be reached: Only serious vulnerabilities,
in defaultly/commonly/always used parts of the kernel, causing local,
or remote root escalations would be notified?
Ddos in raid-xyz.o on MIPS only in 2.6.16-rc2-mm-test - doesn't matter.
local root in splice.c on x86/amd64 affecting 95% of kernel users - does matter.
In fact, I'd prefer that to the old
Anyway, it's late, and I'm tired, and I'm not detracting from the
great job the security team do (and especially the Hardened guys), but
it's nice to have just a one-stop-shop to know if you're running
secure versions of things. (*Yes, having sources-x.y.z installed
doesn't mean that you're running it, but at least it'll force you to
install the sources to stop glsa-check from bitchin' :) - and then,
well, if you don't compile, build, and run it, well, that's your own
email@example.com mailing list