1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Thierry Carrez wrote: |
5 |
> Brian G. Peterson wrote: |
6 |
> |
7 |
> |
8 |
>>On Tuesday 20 September 2005 06:09 am, Calum wrote: |
9 |
>> |
10 |
>> |
11 |
> This ongoing kernel security information, along with kernel security |
12 |
> alerts when really big things are discovered (Local Root that would work |
13 |
> on most configurations, for example) was for us the best solution. KISS |
14 |
> is almost ready for BETA release, meaning you should be able to access |
15 |
> it very soon for testing. |
16 |
> |
17 |
> Also KISS was no secret, it's in the Security project objectives for |
18 |
> year 2005, as published on this list at the beginning of the year. |
19 |
> |
20 |
> Thanks for your attention. |
21 |
> |
22 |
<snip snip> |
23 |
|
24 |
I am in support of whatever you decide, but I would expect there to be |
25 |
documentation somewhere stating current policy ( that being that kernel |
26 |
security bugs are not made into GLSA's ). Knowing this I can work |
27 |
around it and find other ways to keep my kernel updated. However no one |
28 |
wants to be under the false pretense that GLSA's cover all security |
29 |
problems and then get nailed by a kernel security issue. |
30 |
|
31 |
I don't see anything about the security seciton of gentoo's website |
32 |
detailing that kernel security issues aren't in GLSA's and I think it |
33 |
would be helpful to include that. It may even be helpful to add it to |
34 |
the post_inst of gentoolkit/glsa-check's manpage. Right now if I read |
35 |
the security handbook or the GLSA documentation I am misinformed. |
36 |
|
37 |
If you are indeed switching to a system that works better I think many |
38 |
would enjoy an upgrade of docs, or issuing GLSA's until you have KISS |
39 |
running, or just documentation that says kernel security bugs are not |
40 |
covered by GLSA's. |
41 |
|
42 |
If you want a bug filed, I can do that as well. |
43 |
-----BEGIN PGP SIGNATURE----- |
44 |
Version: GnuPG v1.4.1 (GNU/Linux) |
45 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
46 |
|
47 |
iQIVAwUBQzDfHGzglR5RwbyYAQL5+w/+LTaohDpFWqguv98wkMXEl+ZwsQZNeSJt |
48 |
WOV+X9HAqa+l/dvU0noCd0CvjKBCiYsmbzXHBiGvAmu3HYrdUGCejSC9pnVLRLlC |
49 |
JkNRklehGGEzKBXNgPYrMnlq0ybF8UjFcTgkXIycG9ucJbCwD0hyotwRI1kGe3sM |
50 |
Tuq1TqBjeZGNPfCymREqv6Pn9OlDWNVzXSQ9xnin0/xscVvQbUw8dAx4AgoTL4Jo |
51 |
ltzNU89KMyeEALgy4W0ctE4v/tIbrPY+Ye/Ypd8AYO6JW5LBnik2njc3KArybzsp |
52 |
2BOhBKMPC4mh3BLr2IP3kJzavtEOjvME/9DkqSuuDB09SexaGmiZSnCFkRG5XSs7 |
53 |
GQPVzsFxfW2c913FZ0I4Nij3jwK7PcGxOCUHhAirLd1VHizoFYBcHJxK1ldACUR0 |
54 |
dtSuc/2yAg1bMBkHvJhDS4MDEdIchqmvBsCD9YxjpZ+vulMdUDigP1jokiuqlLRp |
55 |
y2rBGXfFJxCVywjvmJ67V45Rxh83QG75TaIP7LAb19pJH71lVbt1RqmvikIZuFHv |
56 |
Te5cJ6HW5egWrjIMLKCp9ZpZrXpRCZXHxVoNwqUcI1QI+uTbKuBh/4DLsKFPjAvU |
57 |
hWgvuIOxIaH3E2fHNoaaUbO90qeq8pmRFkUNHAc3TPIA6zcYwS/mne8PvFvq12rJ |
58 |
8TPPR7XO2L0= |
59 |
=hxQ6 |
60 |
-----END PGP SIGNATURE----- |
61 |
-- |
62 |
gentoo-security@g.o mailing list |