Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: "Brian G. Peterson" <brian@...>
Subject: Re: Kernels and GLSAs
Date: Tue, 20 Sep 2005 07:16:36 -0500
On Tuesday 20 September 2005 06:09 am, Calum wrote:
> I prefer the idea that tracking one source (GLSAs) would provide me with
> all the information I needed to keep my Gentoo boxes secure, but if we
> were all to change to a new system, perhaps the kernel GLSAs should have
> overlapped with this new system until it was in, tested, and adopted?

While I think that kernels do need additional information to be supplied about 
a potential security hole (kernel security problems often occur in a module 
that many people may not use),  I agree that kernel vulnerabilities should be 
published as GLSAs.  

I subscribe to the GLSA RSS feed, and scan that feed manually against my 
installed software list.  The glsa-check tool is basically useless (as of 
gentoolkit-0.2.1_pre7), as it shows all GLSAs rather than just GLSAs for 
tools that correspond to packages installed on the system it is run on.

This document here:
http://www.gentoo.org/proj/en/portage/glsa-integration.xml
talks about including glsa support directly in portage, which I think is the 
right idea.  It mentions kerlnels as covered by glsa-check.

In the end, I will be happy with any tool (preferably emerge and/or equery) 
that can check a running system's installed packages and tell me what GLSAs 
apply to that system.

Regards,

   - Brian

-- 
gentoo-security@g.o mailing list


Replies:
Re: Kernels and GLSAs
-- Thierry Carrez
Re: Kernels and GLSAs
-- Calum
Re: Kernels and GLSAs
-- Marius Mauch
Re: Kernels and GLSAs
-- W.Kenworthy
References:
Kernels and GLSAs
-- Calum
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Kernels and GLSAs
Next by thread:
Re: Kernels and GLSAs
Previous by date:
Kernels and GLSAs
Next by date:
Re: Kernels and GLSAs


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.