1 |
This has been a recurring theme with kernel vulnerabilities, and it |
2 |
needs to be addressed. |
3 |
|
4 |
Why don't we have tiered support for the kernel sources in the same way |
5 |
we do for arcs... ie: |
6 |
|
7 |
Tier-1: |
8 |
vanilla-sources |
9 |
development-sources |
10 |
gentoo-sources |
11 |
gentoo-dev-sources |
12 |
|
13 |
Tier-2: |
14 |
hardened-sources |
15 |
selinux-sources |
16 |
grsec-sources |
17 |
<tier1 arch>-sources |
18 |
|
19 |
Tier-3: |
20 |
ck, wolk, mm, etc |
21 |
<other arch>-sources |
22 |
|
23 |
Then when all of Tier-1 has been patched, we can release a GLSA for the |
24 |
Tier-1 kernels. Similar for Tier-2 and Tier-3. This way, most of our |
25 |
users don't have to wait for hppa-dev-sources to be patched before |
26 |
getting the GLSA. |
27 |
|
28 |
On Fri, 2004-06-18 at 03:44, Kurt Lieber wrote: |
29 |
> On Fri, Jun 18, 2004 at 08:34:41AM +0200 or thereabouts, spIn wrote: |
30 |
> > I'm just wondering, why there's still no GLSA release regarding this |
31 |
> > issue. |
32 |
> |
33 |
> Our kernel team is drastically understaffed at the moment. Given the ~40 |
34 |
> different kernel packages we offer in our tree, it makes patching new |
35 |
> vulnerabilities difficult. |
36 |
> |
37 |
> We're aware of and working on the problem, but I can't give you an ETA on |
38 |
> when you can expect to see a GLSA and/or patched kernels. |
39 |
> |
40 |
> If there is anyone out there with some kernel hacking experience, Gentoo |
41 |
> can really use your help. If you're interested, please drop me a line |
42 |
> off-list and I'll put you in contact with the right people. |
43 |
> |
44 |
> --kurt |