| 1 |
This has been a recurring theme with kernel vulnerabilities, and it |
| 2 |
needs to be addressed. |
| 3 |
|
| 4 |
Why don't we have tiered support for the kernel sources in the same way |
| 5 |
we do for arcs... ie: |
| 6 |
|
| 7 |
Tier-1: |
| 8 |
vanilla-sources |
| 9 |
development-sources |
| 10 |
gentoo-sources |
| 11 |
gentoo-dev-sources |
| 12 |
|
| 13 |
Tier-2: |
| 14 |
hardened-sources |
| 15 |
selinux-sources |
| 16 |
grsec-sources |
| 17 |
<tier1 arch>-sources |
| 18 |
|
| 19 |
Tier-3: |
| 20 |
ck, wolk, mm, etc |
| 21 |
<other arch>-sources |
| 22 |
|
| 23 |
Then when all of Tier-1 has been patched, we can release a GLSA for the |
| 24 |
Tier-1 kernels. Similar for Tier-2 and Tier-3. This way, most of our |
| 25 |
users don't have to wait for hppa-dev-sources to be patched before |
| 26 |
getting the GLSA. |
| 27 |
|
| 28 |
On Fri, 2004-06-18 at 03:44, Kurt Lieber wrote: |
| 29 |
> On Fri, Jun 18, 2004 at 08:34:41AM +0200 or thereabouts, spIn wrote: |
| 30 |
> > I'm just wondering, why there's still no GLSA release regarding this |
| 31 |
> > issue. |
| 32 |
> |
| 33 |
> Our kernel team is drastically understaffed at the moment. Given the ~40 |
| 34 |
> different kernel packages we offer in our tree, it makes patching new |
| 35 |
> vulnerabilities difficult. |
| 36 |
> |
| 37 |
> We're aware of and working on the problem, but I can't give you an ETA on |
| 38 |
> when you can expect to see a GLSA and/or patched kernels. |
| 39 |
> |
| 40 |
> If there is anyone out there with some kernel hacking experience, Gentoo |
| 41 |
> can really use your help. If you're interested, please drop me a line |
| 42 |
> off-list and I'll put you in contact with the right people. |
| 43 |
> |
| 44 |
> --kurt |
Archives