Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Richard Freeman <rich0@g.o>
Subject: Re: Kernel Security Update Target Delay?
Date: Sun, 26 Sep 2010 08:16:22 -0400
On 09/26/2010 07:51 AM, Volker Armin Hemmann wrote:
> so there has been roughly a week so far.

Agreed - 10 days was the figure I mentioned.  So far we're 7 over the
target of 3.  Most major distros did it in less than 1.

> 
> And the bug is not that dangerous - except when you insist on running unsecure 
> 32bit software on a 64bit system.
> 

I didn't realize that multilib amd64 wasn't a security-supported
configuration of Gentoo.  Perhaps that should be documented somewhere -
like the amd64 handbook, and the multilib howto.  The security page
probably should also be updated - to indicate that amd64 is a supported
arch only without multilib.

Note that you don't need to RUN any 32-bit software to be insecure - you
merely need to have support for it enabled in the kernel config.

Look, either multilib is supported, or it isn't.  If it isn't, that's a
pretty big caveat that we don't document ANYWHERE.  If it is, then we
have to fix bugs in line with the security guidelines.

I'm just asking for us to be up-front with our policies, and to follow
them.  If we don't support multilib amd64, fine.  If we do support it,
then we need to support it.

Rich


Replies:
Re: Kernel Security Update Target Delay?
-- Robin H. Johnson
References:
Kernel Security Update Target Delay?
-- Richard Freeman
Re: Kernel Security Update Target Delay?
-- Volker Armin Hemmann
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Kernel Security Update Target Delay?
Next by thread:
Re: Kernel Security Update Target Delay?
Previous by date:
Re: Kernel Security Update Target Delay?
Next by date:
Re: Kernel Security Update Target Delay?


Updated May 10, 2012

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.