Gentoo Logo
Gentoo Spaceship

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
To: gentoo-security@g.o
From: Calum <caluml@...>
Subject: Re: Days of yore
Date: Mon, 16 Apr 2007 18:09:08 +0100
On 4/16/07, Marius Mauch <genone@g.o> wrote:
> Not directly related, but you might be interested in the "affected"
> target or the --mail option of glsa-check.

I am interested in that - but I don't think those options were there
when I started putting those cronjobs on my servers many moons ago.
Thanks though - I'll investigate.


> emerge gentoo-sources won't magically fix your
> machine and besides not everyone want to upgrade their kernel for every
> small issue.

Nope, of course. But those of us that used the GLSAs as a one-stop
package security report were hung out to dry.
(Talk about cold sweat when I found out....)

>That's why plasmaroo wrote KISS, sadly he left before it went
> public and now we waiting for another tool for kernel issues. It's not even on
> the horizon yet (at least not to my knowledge).

Yep, It sounds like it might have been promising. However, who on
earth thought it would be a good idea to remove the functioning kernel
security alert system **before** the replacement was written, working,
heavily tested, and all the users given 12 months of notice?
(The obvious method of notification would have been to create a fake
GLSA for glsa-check.)

> This started out as a small
> problem that we thought would be temporary but has sadly turned kind of
> permanent without us informing users properly.

This is why, when people ask me if they can "temporarily" do things in
my lab, I say no.
Temporarily often has a habit of not being.

Could we just get GLSAs going again for some of the most common
sources for now then? Say gentoo, and hardened? x86, and AMD?
Or some virtual ebuild that requires certain versions of kernels to be
installed, that can be updated via Portage from time to time.
Then you could script emerge -pv sys-kernel/secure-kernel-source, and
when it said it would need to install hardened-sources 2.6.26, you'd
know that there must have been a bug in <2.4.26.

gentoo-security@g.o mailing list

Re: Days of yore
-- Sune Kloppenborg Jeppesen
Days of yore
-- Calum
Re: Days of yore
-- Marius Mauch
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Days of yore
Next by thread:
Re: Days of yore
Previous by date:
Re: Days of yore
Next by date:
Re: Days of yore

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.