| 1 |
On Monday 16 April 2007 16:05, William L. Thomson Jr. wrote: |
| 2 |
> Not to mention in my case upstream had already acted or etc, so no |
| 3 |
> patching or etc was needed on my behalf. Just bumps and stabilization if |
| 4 |
> anything. |
| 5 |
Yeah, this is because the Security team is simply understaffed as has been the |
| 6 |
case for far too long. We only have a few very active members and due to |
| 7 |
process and QA stuff it simply takes time. I hope we're going to bring it |
| 8 |
down soon though. |
| 9 |
|
| 10 |
Try searching for bugs in ebuild+ or ebuild++ status, that should give a hint |
| 11 |
about what problems we face. Not to mention other + and ++ statuses. |
| 12 |
|
| 13 |
> Kernel issues must be a nightmare for the security team. |
| 14 |
Kernel issues are a nightmare because of the many sources and the way Gentoo |
| 15 |
handles kernel sources. emerge gentoo-sources won't magically fix your |
| 16 |
machine and besides not everyone want to upgrade their kernel for every small |
| 17 |
issue. That's why plasmaroo wrote KISS, sadly he left before it went public |
| 18 |
and now we waiting for another tool for kernel issues. It's not even on the |
| 19 |
horizon yet (at least not to my knowledge). This started out as a small |
| 20 |
problem that we thought would be temporary but has sadly turned kind of |
| 21 |
permanent without us informing users properly. So if you want to help get |
| 22 |
things back on track please join #gentoo-security and lets talk. |
| 23 |
|
| 24 |
-- |
| 25 |
Sune Kloppenborg Jeppesen |
| 26 |
Gentoo Linux Security Team |
Archives