Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Alec Warner <warnera6@...>
Subject: Re: Kernels and GLSAs
Date: Wed, 21 Sep 2005 00:18:37 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thierry Carrez wrote:
> Brian G. Peterson wrote:
> 
> 
>>On Tuesday 20 September 2005 06:09 am, Calum wrote:
>>
>>
> This ongoing kernel security information, along with kernel security
> alerts when really big things are discovered (Local Root that would work
> on most configurations, for example) was for us the best solution. KISS
> is almost ready for BETA release, meaning you should be able to access
> it very soon for testing.
> 
> Also KISS was no secret, it's in the Security project objectives for
> year 2005, as published on this list at the beginning of the year.
> 
> Thanks for your attention.
> 
<snip snip>

I am in support of whatever you decide, but I would expect there to be
documentation somewhere stating current policy ( that being that kernel
security bugs are not made into GLSA's ).  Knowing this I can work
around it and find other ways to keep my kernel updated.  However no one
wants to be under the false pretense that GLSA's cover all security
problems and then get nailed by a kernel security issue.

I don't see anything about the security seciton of gentoo's website
detailing that kernel security issues aren't in GLSA's and I think it
would be helpful to include that.  It may even be helpful to add it to
the post_inst of gentoolkit/glsa-check's manpage.  Right now if I read
the security handbook or the GLSA documentation I am misinformed.

If you are indeed switching to a system that works better I think many
would enjoy an upgrade of docs, or issuing GLSA's until you have KISS
running, or just documentation that says kernel security bugs are not
covered by GLSA's.

If you want a bug filed, I can do that as well.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQIVAwUBQzDfHGzglR5RwbyYAQL5+w/+LTaohDpFWqguv98wkMXEl+ZwsQZNeSJt
WOV+X9HAqa+l/dvU0noCd0CvjKBCiYsmbzXHBiGvAmu3HYrdUGCejSC9pnVLRLlC
JkNRklehGGEzKBXNgPYrMnlq0ybF8UjFcTgkXIycG9ucJbCwD0hyotwRI1kGe3sM
Tuq1TqBjeZGNPfCymREqv6Pn9OlDWNVzXSQ9xnin0/xscVvQbUw8dAx4AgoTL4Jo
ltzNU89KMyeEALgy4W0ctE4v/tIbrPY+Ye/Ypd8AYO6JW5LBnik2njc3KArybzsp
2BOhBKMPC4mh3BLr2IP3kJzavtEOjvME/9DkqSuuDB09SexaGmiZSnCFkRG5XSs7
GQPVzsFxfW2c913FZ0I4Nij3jwK7PcGxOCUHhAirLd1VHizoFYBcHJxK1ldACUR0
dtSuc/2yAg1bMBkHvJhDS4MDEdIchqmvBsCD9YxjpZ+vulMdUDigP1jokiuqlLRp
y2rBGXfFJxCVywjvmJ67V45Rxh83QG75TaIP7LAb19pJH71lVbt1RqmvikIZuFHv
Te5cJ6HW5egWrjIMLKCp9ZpZrXpRCZXHxVoNwqUcI1QI+uTbKuBh/4DLsKFPjAvU
hWgvuIOxIaH3E2fHNoaaUbO90qeq8pmRFkUNHAc3TPIA6zcYwS/mne8PvFvq12rJ
8TPPR7XO2L0=
=hxQ6
-----END PGP SIGNATURE-----
-- 
gentoo-security@g.o mailing list


References:
Kernels and GLSAs
-- Calum
Re: Kernels and GLSAs
-- Brian G. Peterson
Re: Kernels and GLSAs
-- Thierry Carrez
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Kernels and GLSAs
Next by thread:
KISS
Previous by date:
Re: Kernels and GLSAs
Next by date:
Re: Kernels and GLSAs


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.