List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
- Security Updates And Announcements -
Security problems should be reported via bugzilla and assigned to
security@gentoo (this is a must)
As it stands right now our security updates have undergone alot of
changes in the last few months and there are still some quarks to work
out. The general idea we are aiming for is GLSA's in xml format. This
allows us to display the GLSA's on-line as well as have portage take
advantage of those GLSA's for the upcoming "emerge --security" feature.
GLSA's are sent primarily to 3 places full-disclosure, bugtraq,
email@example.com. At one time they went to this list here but for
what ever reason some people started complaining about getting a GLSA
from more than one list. Honestly I think those people should get over
it and GLSA's be sent to this list again or perhaps a
gentoo-security-announce@ would be a better place.
Anyway as you all know Gentoo is a community driven effort and we only
can only take care of the tasks we have time for. A lot of our
developers have other lives so and dont always have time to sit around
writing up a GLSA. So the simple solution to this would be to recruit
more people to help out in this area, however technical writers with a
clue are a rare commodity. So I'd like to open up a slot or two for a
few people from this list that may be willing to help out in this dept.
If you think you have what it takes please drop a mail to solar@gentoo
and CC: security@gentoo . We also need more people actually reporting
security problems and solutions to bugzilla so that something can be
done about them.
Currently we are also exploring the idea of user contributed GLSA's.
Tim Yamin <plasmaroo@gentoo> wants people to test the GLSAMaker at
http://dev.gentoo.org/~plasmaroo/glsa-test and complain to him if it
And for you irc junkies you can find most of the sec team on
Hope this has been somewhat enlightening.
Ned Ludd <firstname.lastname@example.org>
Gentoo Linux Developer
signature.asc (This is a digitally signed message part)