On Monday 16 April 2007 16:05, William L. Thomson Jr. wrote:
> Not to mention in my case upstream had already acted or etc, so no
> patching or etc was needed on my behalf. Just bumps and stabilization if
> anything.
Yeah, this is because the Security team is simply understaffed as has been the 
case for far too long. We only have a few very active members and due to 
process and QA stuff it simply takes time. I hope we're going to bring it 
down soon though.

Try searching for bugs in ebuild+ or ebuild++ status, that should give a hint 
about what problems we face. Not to mention other + and ++ statuses.

> Kernel issues must be a nightmare for the security team.
Kernel issues are a nightmare because of the many sources and the way Gentoo 
handles kernel sources. emerge gentoo-sources won't magically fix your 
machine and besides not everyone want to upgrade their kernel for every small 
issue. That's why plasmaroo wrote KISS, sadly he left before it went public 
and now we waiting for another tool for kernel issues. It's not even on the 
horizon yet (at least not to my knowledge). This started out as a small 
problem that we thought would be temporary but has sadly turned kind of 
permanent without us informing users properly. So if you want to help get 
things back on track please join #gentoo-security and lets talk.

-- 
Sune Kloppenborg Jeppesen
Gentoo Linux Security Team