Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Tobias Heinlein <keytoaster@g.o>
Subject: Re: No GLSA since January?!?
Date: Sat, 27 Aug 2011 14:34:39 +0200
Rich Freeman wrote, on 08/27/2011 02:13 PM:
> Note that I'm basically advocating ditching the tool.  A tool is good
> when it improves productivity.  However, right now it appears that the
> tool is keeping people from contributing who want to contribute.
> Certainly things couldn't get worse without the tool.  If a user just
> edits an xml template and email template and posts it on the bug, then
> very little work should be required to review the files before posting
> them.  Contributors wouldn't need any special access either - freeing
> up devs to provide more of a QA role.
> 
> Ditching the tool would also simplify fixes to GLSAs.  I haven't run
> it in a while, but took glsa-checker out of my cron ages ago when it
> would just report packages with vulnerabilities that had none.  I did
> log bugs, but apparently adding one line to the xml files requires as
> much pain as sending out the original notice.

I have read that idea multiple times now, each of them by people not on
the security team or something similar. It just doesn't work that way.
It's like suggesting to ditch Bugzilla and instead enter bugs manually
with SQL commands into a database. Well, not quite, but you get the idea.

Also, as previously stated, we know that the tool sucks, which is why
Alex has been working for months on new tools. We really wouldn't spend
that much time on that if it wasn't worth it.


Replies:
Re: No GLSA since January?!?
-- Rich Freeman
References:
No GLSA since January?!?
-- Christian Kauhaus
Re: No GLSA since January?!?
-- Alex Legler
Re: No GLSA since January?!?
-- Christian Kauhaus
Re: No GLSA since January?!?
-- Kevin Bryan
Re: No GLSA since January?!?
-- Christian Kauhaus
Re: No GLSA since January?!?
-- Rich Freeman
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: No GLSA since January?!?
Next by thread:
Re: No GLSA since January?!?
Previous by date:
Re: No GLSA since January?!?
Next by date:
Re: No GLSA since January?!?


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.