Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Carsten Lohrke <carlo@g.o>
Subject: Re: Kernels and GLSAs
Date: Tue, 20 Sep 2005 19:50:35 +0200
On Tuesday 20 September 2005 18:15, Thierry Carrez wrote:
> Carsten Lohrke wrote:
> > This is indeed a problem. But the user expects a single point of
> > information about vulnerabilities from a distribution - and he's
> > absolutely right to do so.
>
> No, the user expects a single information channel. If we release Kernel
> alerts (GLKAs) in the same media as GLSAs (gentoo-announce, forums and
> RSS feed) he will get both. We can even name them "GLSAs" if that makes
> you feel better. They just won't have the same contents and won't be
> used by the same tools (see my explanation about glsa-check dealing with
> installed packages rather than with currently used kernel).

I think you got me wrong here, I meant absolutely the same as you. The point 
is I never saw any GLKA and no GLSA regarding kernel issues for quite a while 
and while I do not follow the kernel development closely and kiss.gentoo.org 
results in 404 since some time, I'm pretty sure there is quite a number of 
open vulnerabilities - at least in the latest stable 2.4.x kernel.

> Thing is, we can't fix all kernel issues in time for *any* source. By
> listing vulnerabilities rather than fixes, we :

What's the reason? The kernel is of course a bit more critical than Does the 
kernel herd need more time fixing and testing, do the arch herds need more 
time testing, lack of man power?


Carsten
Attachment:
pgp4bhOW4rVFH.pgp (PGP signature)
References:
Kernels and GLSAs
-- Calum
Re: Kernels and GLSAs
-- Carsten Lohrke
Re: Kernels and GLSAs
-- Thierry Carrez
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Kernels and GLSAs
Next by thread:
Re: Kernels and GLSAs
Previous by date:
Re: Kernels and GLSAs
Next by date:
Re: Kernels and GLSAs


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.