On Sat, Sep 10, 2016 at 7:11 PM, Ian Zimmerman <itz@×××××××.net> wrote:
> There has not been a GLSA, according to the gentoo.org front page, since
> August 1 [1]. In the meantime, Debian has had [2] [3] and [4] among
> others. Is it really the case that the Gentoo builds aren't affected by
> any of these?
>

Gentoo GLSAs are not announced until the last arch stabilizes the
change and then a security team member generates the notice. This is
usually long after amd64/x86 do so. If you wait for a GLSA
announcement before doing an update, or only do updates using the
glsa-check tool, you're going to be vulnerable for a LONG time.

--
Rich