1 |
Dirkjan Ochtman posted on Sat, 18 Jan 2014 17:33:36 +0100 as excerpted: |
2 |
|
3 |
> On Sat, Jan 18, 2014 at 5:30 PM, Pacho Ramos <pacho@g.o> wrote: |
4 |
>> What I want to achieve is to try to get this problem solved, I don't |
5 |
>> think has any sense to have pending GLSA bugs waiting for ages (yes, |
6 |
>> ages), I see this for really a lot of packages, the pointed one was |
7 |
>> only one example, but there are many more (like glib, dotnet stuff...) |
8 |
> |
9 |
> From my perception, the security team in recent months has gone through |
10 |
> great lengths to improve the process and to work on the backlog of old |
11 |
> security bugs. AIUI, this *is* getting fixed, it just takes some time to |
12 |
> fix it properly. |
13 |
|
14 |
Same here. I've been glad to see the GLSAs moving again, even if seeing |
15 |
LWN mention that it's a three-year-out (or was it five?) notice is a |
16 |
bit ... gulp-worthy... even if on ~arch plus hard-unmasked pre-release |
17 |
overlays I rarely see a GLSA that actually applies to me. (Tho I'd just |
18 |
done the NTP update, noting the security issue from the changelog, and |
19 |
was glad to see the official GLSA for it with additional detail.) |
20 |
|
21 |
Still, if it's five years out and catching up, at least we have people |
22 |
working on it now and it's happening! =:^) |
23 |
|
24 |
But it's good to see this thread with the details posted. There was |
25 |
mention that it had been discussed on dev before, but if so, I hadn't |
26 |
seen it, at least in that detail. So I believe it was a reasonable |
27 |
question, with now a reasonable answer. =:^) |
28 |
|
29 |
Thanks again. That's a vital bit of gentoo that got stuck for a bit, and |
30 |
I'm very appreciative that /someone/ is doing that hard and unglamorous |
31 |
work without a lot of thanks. =:^) |
32 |
|
33 |
-- |
34 |
Duncan - List replies preferred. No HTML msgs. |
35 |
"Every nonfree program has a lord, a master -- |
36 |
and if you use the program, he is your master." Richard Stallman |