List Archive: gentoo-security
On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote:
> Alex.
>
> Maybe a more "intense" call for volunteers could improve the manpower. This
> could be an easier starting point to address, no?
Well, the staffing needs page IS the point for making such calls. It's not
that we haven't had people contacting us about helping, it's that they usually
disappear shortly after that again after they've seen the tasks at hand.
> I also work in some [smaller] security processes and can figure out what kind
> of work you are talking about.
>
> As Kauhaus pointed out, maybe some things should be automated, but again,
> this is a hard job to implement and to keep results trustable.
>
Automation is a key thing I've been introducing in the new tools and processes
for sending advisories.
I'd rather not focus on a temporary automated system however, knowing that
we're about to get back to the/near the status quo.
> I started following this list recently and do not yet know how
> workflows are performed here, but maybe this could be a good place to
> start a review of GLSA processes. What do you think about this?
You can find the relevant info on our websites [1].
The thing is, the basic idea cannot be changed. We will always have a flow
issue -> bug -> fix -> stabling -> advisory.
Specifically, the current goal is to have the advisory drafting starting
earlier and using the information we've already entered into our bugzilla and
CVE tracker in a much more integrated way. It's a bit hard to explain, you'd
best see for yourself (by joining us of course! ;)).
Alex
[1] http://www.gentoo.org/proj/en/security/
--
Alex Legler <a3li@g.o>
Gentoo Security / Ruby