Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security <gentoo-security@g.o>
From: Alex Legler <a3li@g.o>
Subject: Re: Kernel Security Update Target Delay?
Date: Sun, 26 Sep 2010 23:42:00 +0200
Excerpts from Calum's message of Sun Sep 26 19:28:01 +0200 2010:
> On 26 September 2010 11:31, Richard Freeman <rich0@g.o> wrote:
> > Gentoo has been vulnerable to a highly-publicized (Guardian, Slashdot,
> > the works) local privilege escalation for almost two weeks now.  (Well,
> > it has been vulnerable for years, but of course we didn't know about it
> > until two weeks ago.)
> >
> > In the bugzilla thread tracking the problem it has been mentioned a few
> > times that the kernel does not receive GLSA support:
> > http://bugs.gentoo.org/show_bug.cgi?id=337645
> 
> Kernels used to be covered in GLSAs.
> I mourned the loss of kernel GLSAs quite a while back.
> http://blog.gmane.org/gmane.linux.gentoo.security/month=20070401

I kindly request follow-up posters to not post +1's in this thread.

> […] 
> I still don't understand why there isn't a single security alert point
> of reference that covers everything on a Gentoo box though.
> What would it take to get kernels included again?

Kernel sources will not be included in the GLSA system again.
The whole process was designed for userland packages, not kernel
sources.

We hope to get the kernel-check [1] utility to serve this purpose one
day.

The invitation Kurt extended to contact us and help is still standing.

[1]
http://git.overlays.gentoo.org/gitweb/?p=proj/kernel-check.git;a=summary
-- 
Alex Legler <a3li@g.o>
Gentoo Security/Ruby
Attachment:
signature.asc (PGP signature)
References:
Kernel Security Update Target Delay?
-- Richard Freeman
Re: Kernel Security Update Target Delay?
-- Calum
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Kernel Security Update Target Delay?
Next by thread:
Re: Kernel Security Update Target Delay?
Previous by date:
Re: Kernel Security Update Target Delay?
Next by date:
Re: Kernel Security Update Target Delay?


Updated May 10, 2012

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.