| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Luca Barbato a écrit : |
| 5 |
> Here is a list of interesting questions: "Are we fine?" "What are we |
| 6 |
> going to do?" |
| 7 |
> |
| 8 |
> Please project leaders try to reply in short. |
| 9 |
> |
| 10 |
|
| 11 |
Ok, technically I'm not security lead, but since I and rbu almost |
| 12 |
completely handled the security team since 2 months, I think I can at |
| 13 |
least give my opinions on what's going on. |
| 14 |
|
| 15 |
> About the stuff I'm involved: |
| 16 |
> |
| 17 |
> Are we fine? |
| 18 |
|
| 19 |
security: |
| 20 |
Well, with an average of ~ 1 GLSA/day for November and December, things |
| 21 |
are going a little bit better than some months ago. We still have too |
| 22 |
many open bugs (~115),but we tend to be a little more reactive since we |
| 23 |
now actively monitor the vendor-security mailing list plus the freshly |
| 24 |
attributed CVE ids, so we're able to file bugs and get them corrected |
| 25 |
before they go public. This also means arches security liaisons should |
| 26 |
be prepared to get called more often from now on. |
| 27 |
|
| 28 |
> |
| 29 |
> What are we going to do: |
| 30 |
> |
| 31 |
|
| 32 |
Personally, I'd like that we become more regular for the GLSA releases, |
| 33 |
instead of doing nothing for days then rushing to send 10 GLSAs in 2 days. |
| 34 |
I'd also like to take care of the really old bugs, say, opened for at |
| 35 |
least 6 months (~25 at the moment). |
| 36 |
Don't know if we'll manage to do it, but at least we'll try. |
| 37 |
|
| 38 |
|
| 39 |
This was a (very) short reply, sec team members are of course |
| 40 |
welcome to complete. |
| 41 |
|
| 42 |
- -- |
| 43 |
Pierre-Yves Rofes |
| 44 |
Gentoo Linux Security Team |
| 45 |
-----BEGIN PGP SIGNATURE----- |
| 46 |
Version: GnuPG v1.4.7 (GNU/Linux) |
| 47 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 48 |
|
| 49 |
iD8DBQFHhVS1uhJ+ozIKI5gRAqbnAJ9URJQ2fMFdjrpaER1dKF+ws4VDQQCdHZ98 |
| 50 |
2rCq9l3JGrxfSXZNttN40ok= |
| 51 |
=5N0K |
| 52 |
-----END PGP SIGNATURE----- |
| 53 |
-- |
| 54 |
gentoo-dev@l.g.o mailing list |
Archives