List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
Excerpts from Calum's message of Sun Sep 26 19:28:01 +0200 2010:
> On 26 September 2010 11:31, Richard Freeman <email@example.com> wrote:
> > Gentoo has been vulnerable to a highly-publicized (Guardian, Slashdot,
> > the works) local privilege escalation for almost two weeks now. (Well,
> > it has been vulnerable for years, but of course we didn't know about it
> > until two weeks ago.)
> > In the bugzilla thread tracking the problem it has been mentioned a few
> > times that the kernel does not receive GLSA support:
> > http://bugs.gentoo.org/show_bug.cgi?id=337645
> Kernels used to be covered in GLSAs.
> I mourned the loss of kernel GLSAs quite a while back.
I kindly request follow-up posters to not post +1's in this thread.
> I still don't understand why there isn't a single security alert point
> of reference that covers everything on a Gentoo box though.
> What would it take to get kernels included again?
Kernel sources will not be included in the GLSA system again.
The whole process was designed for userland packages, not kernel
We hope to get the kernel-check  utility to serve this purpose one
The invitation Kurt extended to contact us and help is still standing.
Alex Legler <firstname.lastname@example.org>