On Thursday 03 August 2006 04:56, Brian Harring wrote:
<snipped a lot>
> Besides... frankly it's kind of BS to push the vuln angle onto sunrise
> when gentoo can't even clean out years old vulnerable packages from
> gentoo-x86 (that doesn't absolve sunrise from having to watch it, nor
> a potshot at the understaffed security team, merely that double
> standards suck).
Just to clarify: AFAIR it has never been policy to remove vulnerable ebuilds.

The Security Team leaves that up to the maintainers. For some issues it does
make sense to keep vulnerable ebuilds in the tree (i.e. latest Apache (GLSA
200608-01), when not using mod_rewrite).

--
Sune Kloppenborg Jeppesen (Jaervosz)
Operational Manager
Gentoo Linux Security Team
http://security.gentoo.org
--
gentoo-dev@g.o mailing list