Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: "Daniel A. Avelino" <daavelino@...>
Subject: Re: No GLSA since January?!?
Date: Fri, 26 Aug 2011 14:18:20 -0300
Alex.<br><br>May be a call for volunteers more &quot;intense&quot; could improve the manpower. This could be a more<br>easy start point to address, no?.<br>I work too in some [smaller] security processes and can figure out what kind of work are you talking about.<br>
<br>As Kauhaus pointed, may be somethings should be automated but again, this is a hard job to <br>implement and to keep results trustable. <br><br>I&#39;d started following this list recently and yet does not know how<br>
work fluxes are performed here but, may be, this could be a good place to start a review of GLSA processes, what<br>do you think about this?<br><br><br>Regards,<br><br><br>Daniel A. Avelino<br><br>I thought its time <br><br>
<div class="gmail_quote">On Fri, Aug 26, 2011 at 1:57 PM, JD Horelick <span dir="ltr">&lt;<a href="mailto:jdhore1@...">jdhore1@...</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div></div><div class="h5">On 26 August 2011 12:43, Christoph Jasinski &lt;<a href="mailto:Krzysiek@...">Krzysiek@...</a>&gt; wrote:<br>
&gt; Dear Christian<br>
&gt;<br>
&gt; Everything is secure. No reason to write GLSAs or to panic. ;)<br>
&gt;<br>
&gt;<br>
&gt; Chris<br>
&gt;<br>
&gt; Am 26.08.2011 um 18:12 schrieb Christian Kauhaus:<br>
&gt;<br>
&gt;&gt; Hi,<br>
&gt;&gt;<br>
&gt;&gt; I&#39;m wondering that may favorite Linux distro hasn&#39;t had any security announcements since January. In my opinion this is really problematic. At our company we try to convince prospective customers to host their applications on our Gentoo servers. When asked about security incident handling, I have to say: &quot;They state &#39;Security is a primary focus&#39; on their website, but they don&#39;t inform their users.&quot; Not very convincing.<br>

&gt;&gt;<br>
&gt;&gt; So what is the roadblock that hinders GLSA creation? Is there any way to get the GLSAs into working order again?<br>
&gt;&gt;<br>
&gt;&gt; Regards<br>
&gt;&gt;<br>
&gt;&gt; Christian<br>
&gt;&gt;<br>
&gt;&gt; --<br>
&gt;&gt; Dipl.-Inf. Christian Kauhaus &lt;&gt;&lt; · <a href="mailto:kc@...">kc@...</a> · systems administration<br>
&gt;&gt; gocept gmbh &amp; co. kg · forsterstraße 29 · 06112 halle (saale) · germany<br>
&gt;&gt; <a href="http://gocept.com" target="_blank">http://gocept.com</a> · tel <a href="tel:%2B49%20345%201229889%2011" value="+49345122988911">+49 345 1229889 11</a> · fax <a href="tel:%2B49%20345%201229889%201" value="+4934512298891">+49 345 1229889 1</a><br>

&gt;&gt; Zope and Plone consulting and development<br>
&gt;&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
<br>
</div></div>I&#39;m sorry, but I disagree with that. I&#39;ve been an (unofficial) x86<br>
Archtester for only 2 weeks or so and since then, i&#39;ve seen more than<br>
a few stabilizations needed to address security issues. Also, i&#39;ve<br>
noticed this same problem of not seeing many/any GLSA&#39;s in recent<br>
history. As an example, in the past month, Debian has had 13 security<br>
advisories. I personally doubt that we (Gentoo) don&#39;t have to worry<br>
about ANY of those 13 advisories...<br>
<br>
</blockquote></div><br>
Replies:
Re: No GLSA since January?!?
-- Alex Legler
References:
No GLSA since January?!?
-- Christian Kauhaus
Re: No GLSA since January?!?
-- Christoph Jasinski
Re: No GLSA since January?!?
-- JD Horelick
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: No GLSA since January?!?
Next by thread:
Re: No GLSA since January?!?
Previous by date:
Re: No GLSA since January?!?
Next by date:
Re: No GLSA since January?!?


Updated May 10, 2012

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.