1 |
On Tue, 20 Sep 2005 07:16:36 -0500 |
2 |
"Brian G. Peterson" <brian@×××××××××.com> wrote: |
3 |
|
4 |
> On Tuesday 20 September 2005 06:09 am, Calum wrote: |
5 |
> > I prefer the idea that tracking one source (GLSAs) would provide me |
6 |
> > with all the information I needed to keep my Gentoo boxes secure, |
7 |
> > but if we were all to change to a new system, perhaps the kernel |
8 |
> > GLSAs should have overlapped with this new system until it was in, |
9 |
> > tested, and adopted? |
10 |
> |
11 |
> While I think that kernels do need additional information to be |
12 |
> supplied about a potential security hole (kernel security problems |
13 |
> often occur in a module that many people may not use), I agree that |
14 |
> kernel vulnerabilities should be published as GLSAs. |
15 |
> |
16 |
> I subscribe to the GLSA RSS feed, and scan that feed manually against |
17 |
> my installed software list. The glsa-check tool is basically useless |
18 |
> (as of gentoolkit-0.2.1_pre7), as it shows all GLSAs rather than just |
19 |
> GLSAs for tools that correspond to packages installed on the system |
20 |
> it is run on. |
21 |
|
22 |
Can you explain this a bit more? glsa-check hasn't actually changed for |
23 |
a long time. Also make sure you don't confuse the --list option with |
24 |
the --test option. |
25 |
|
26 |
Marius |
27 |
|
28 |
-- |
29 |
Public Key at http://www.genone.de/info/gpg-key.pub |
30 |
|
31 |
In the beginning, there was nothing. And God said, 'Let there be |
32 |
Light.' And there was still nothing, but you could see a bit better. |