On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote:
> Alex.
>
> Maybe a call for volunteers more "intense" could improve the manpower. This
> could be a more easy start point to address, no?
|
Well, the staffing needs page IS the point for making such calls. It's not
that we haven't had people contacting us about helping, it's that they usually
disappear shortly after that again after they've seen the tasks at hand.
|
> I work too in some [smaller] security processes and can figure out what kind
> of work you are talking about.
>
> As Kauhaus pointed, maybe some things should be automated but again, this is
> a hard job to implement and to keep results trustable.
>
|
Automation is a key thing I've been introducing in the new tools and processes
for sending advisories.
I'd rather not focus on a temporary automated system however, knowing that
we're about to get back to the/near the status quo.
|
> I'd started following this list recently and do not yet know how
> work fluxes are performed here but, maybe, this could be a good place to
> start a review of GLSA processes, what do you think about this?
|
You can find the relevant info on our websites [1]
|
The thing is, the basic idea cannot be changed. We will always have a flow
issue -> bug -> fix -> stabling -> advisory.
|
Specifically, the current goal is to have the advisory drafting starting
earlier and using the information we've already entered into our bugzilla and
CVE tracker in a much more integrated way. It's a bit hard to explain, you'd
best see for yourself (by joining us of course! ;)).
|
Alex
|
[1] http://www.gentoo.org/proj/en/security/
|
--
Alex Legler <a3li@g.o>
Gentoo Security / Ruby