List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote:
> May be a call for volunteers more "intense" could improve the manpower. This
> could be a more
> easy start point to address, no?.
Well, the staffing needs page IS the point for making such calls. It's not
that we haven't had people contacting us about helping, it's that they usually
disappear shortly after that again after they've seen the tasks at hand.
> I work too in some [smaller] security processes and can figure out what kind
> of work are you talking about.
> As Kauhaus pointed, may be somethings should be automated but again, this is
> a hard job to
> implement and to keep results trustable.
Automation is a key thing I've been introducing in the new tools and processes
for sending advisories.
I'd rather not focus on a temporary automated system however, knowing that
we're about to get back to the/near the status quo.
> I'd started following this list recently and yet does not know how
> work fluxes are performed here but, may be, this could be a good place to
> start a review of GLSA processes, what
> do you think about this?
You can find the relevant info on our websites 
The thing is, the basic idea cannot be changed. We will always have a flow
issue -> bug -> fix -> stabling -> advisory.
Specifically, the current goal is, to have the advisory drafting starting
earlier and using the information we've already entered into our bugzilla and
CVE tracker in a much more integrated way. It's a bit hard to explain, you'd
best see for yourself (by joining us of course! ;)).
Alex Legler <firstname.lastname@example.org>
Gentoo Security / Ruby
signature.asc (This is a digitally signed message part.)