| 1 |
Alex. |
| 2 |
|
| 3 |
May be a call for volunteers more "intense" could improve the manpower. This |
| 4 |
could be a more |
| 5 |
easy start point to address, no?. |
| 6 |
I work too in some [smaller] security processes and can figure out what kind |
| 7 |
of work are you talking about. |
| 8 |
|
| 9 |
As Kauhaus pointed, may be somethings should be automated but again, this is |
| 10 |
a hard job to |
| 11 |
implement and to keep results trustable. |
| 12 |
|
| 13 |
I'd started following this list recently and yet does not know how |
| 14 |
work fluxes are performed here but, may be, this could be a good place to |
| 15 |
start a review of GLSA processes, what |
| 16 |
do you think about this? |
| 17 |
|
| 18 |
|
| 19 |
Regards, |
| 20 |
|
| 21 |
|
| 22 |
Daniel A. Avelino |
| 23 |
|
| 24 |
I thought its time |
| 25 |
|
| 26 |
On Fri, Aug 26, 2011 at 1:57 PM, JD Horelick <jdhore1@×××××.com> wrote: |
| 27 |
|
| 28 |
> On 26 August 2011 12:43, Christoph Jasinski <Krzysiek@×××.net> wrote: |
| 29 |
> > Dear Christian |
| 30 |
> > |
| 31 |
> > Everything is secure. No reason to write GLSAs or to panic. ;) |
| 32 |
> > |
| 33 |
> > |
| 34 |
> > Chris |
| 35 |
> > |
| 36 |
> > Am 26.08.2011 um 18:12 schrieb Christian Kauhaus: |
| 37 |
> > |
| 38 |
> >> Hi, |
| 39 |
> >> |
| 40 |
> >> I'm wondering that may favorite Linux distro hasn't had any security |
| 41 |
> announcements since January. In my opinion this is really problematic. At |
| 42 |
> our company we try to convince prospective customers to host their |
| 43 |
> applications on our Gentoo servers. When asked about security incident |
| 44 |
> handling, I have to say: "They state 'Security is a primary focus' on their |
| 45 |
> website, but they don't inform their users." Not very convincing. |
| 46 |
> >> |
| 47 |
> >> So what is the roadblock that hinders GLSA creation? Is there any way to |
| 48 |
> get the GLSAs into working order again? |
| 49 |
> >> |
| 50 |
> >> Regards |
| 51 |
> >> |
| 52 |
> >> Christian |
| 53 |
> >> |
| 54 |
> >> -- |
| 55 |
> >> Dipl.-Inf. Christian Kauhaus <>< · kc@××××××.com · systems |
| 56 |
> administration |
| 57 |
> >> gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany |
| 58 |
> >> http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1 |
| 59 |
> >> Zope and Plone consulting and development |
| 60 |
> >> |
| 61 |
> > |
| 62 |
> > |
| 63 |
> > |
| 64 |
> |
| 65 |
> I'm sorry, but I disagree with that. I've been an (unofficial) x86 |
| 66 |
> Archtester for only 2 weeks or so and since then, i've seen more than |
| 67 |
> a few stabilizations needed to address security issues. Also, i've |
| 68 |
> noticed this same problem of not seeing many/any GLSA's in recent |
| 69 |
> history. As an example, in the past month, Debian has had 13 security |
| 70 |
> advisories. I personally doubt that we (Gentoo) don't have to worry |
| 71 |
> about ANY of those 13 advisories... |
| 72 |
> |
| 73 |
> |
Archives