List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Monday 16 April 2007 16:05, William L. Thomson Jr. wrote:
> Not to mention in my case upstream had already acted or etc, so no
> patching or etc was needed on my behalf. Just bumps and stabilization if
Yeah, this is because the Security team is simply understaffed as has been the
case for far too long. We only have a few very active members and due to
process and QA stuff it simply takes time. I hope we're going to bring it
down soon though.
Try searching for bugs in ebuild+ or ebuild++ status, that should give a hint
about what problems we face. Not to mention other + and ++ statuses.
> Kernel issues must be a nightmare for the security team.
Kernel issues are a nightmare because of the many sources and the way Gentoo
handles kernel sources. emerge gentoo-sources won't magically fix your
machine and besides not everyone want to upgrade their kernel for every small
issue. That's why plasmaroo wrote KISS, sadly he left before it went public
and now we waiting for another tool for kernel issues. It's not even on the
horizon yet (at least not to my knowledge). This started out as a small
problem that we thought would be temporary but has sadly turned kind of
permanent without us informing users properly. So if you want to help get
things back on track please join #gentoo-security and lets talk.
Sune Kloppenborg Jeppesen
Gentoo Linux Security Team