Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Alex Legler <a3li@g.o>
Subject: Re: No GLSA since January?!?
Date: Fri, 26 Aug 2011 19:57:29 +0200
On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote:
> Alex.
> 
> May be a call for volunteers more "intense" could improve the manpower. This
> could be a more
> easy start point to address, no?.

Well, the staffing needs page IS the point for making such calls. It's not 
that we haven't had people contacting us about helping, it's that they usually 
disappear shortly after that again after they've seen the tasks at hand.

> I work too in some [smaller] security processes and can figure out what kind
> of work are you talking about.
> 
> As Kauhaus pointed, may be somethings should be automated but again, this is
> a hard job to
> implement and to keep results trustable.
> 

Automation is a key thing I've been introducing in the new tools and processes 
for sending advisories.
I'd rather not focus on a temporary automated system however, knowing that 
we're about to get back to the/near the status quo.

> I'd started following this list recently and yet does not know how
> work fluxes are performed here but, may be, this could be a good place to
> start a review of GLSA processes, what
> do you think about this?

You can find the relevant info on our websites [1]

The thing is, the basic idea cannot be changed. We will always have a flow 
issue -> bug -> fix -> stabling -> advisory.

Specifically, the current goal is, to have the advisory drafting starting 
earlier and using the information we've already entered into our bugzilla and 
CVE tracker in a much more integrated way. It's a bit hard to explain, you'd 
best see for yourself (by joining us of course! ;)). 

Alex

[1] http://www.gentoo.org/proj/en/security/

-- 
Alex Legler <a3li@g.o>
Gentoo Security / Ruby
Attachment:
signature.asc (This is a digitally signed message part.)
Replies:
Re: No GLSA since January?!?
-- Daniel A. Avelino
References:
No GLSA since January?!?
-- Christian Kauhaus
Re: No GLSA since January?!?
-- JD Horelick
Re: No GLSA since January?!?
-- Daniel A. Avelino
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: No GLSA since January?!?
Next by thread:
Re: No GLSA since January?!?
Previous by date:
Re: No GLSA since January?!?
Next by date:
Re: No GLSA since January?!?


Updated May 10, 2012

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.