Gentoo Archives: gentoo-dev

From: Duncan <1i5t5.duncan@×××.net>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Re: Regarding long delays on GLSA generation
Date: Sat, 18 Jan 2014 19:11:21
Message-Id: pan$ee0a6$e8da441b$1d21bfc2$
In Reply to: Re: [gentoo-dev] Regarding long delays on GLSA generation by Dirkjan Ochtman

Dirkjan Ochtman posted on Sat, 18 Jan 2014 17:33:36 +0100 as excerpted:

> On Sat, Jan 18, 2014 at 5:30 PM, Pacho Ramos <pacho@g.o> wrote:
>> What I want to achieve is to try to get this problem solved, I don't
>> think has any sense to have pending GLSA bugs waiting for ages (yes,
>> ages), I see this for really a lot of packages, the pointed one was
>> only one example, but there are many more (like glib, dotnet stuff...)
>
> From my perception, the security team in recent months has gone through
> great lengths to improve the process and to work on the backlog of old
> security bugs. AIUI, this *is* getting fixed, it just takes some time to
> fix it properly.

Same here. I've been glad to see the GLSAs moving again, even if seeing
LWN mention that it's a three-year-out (or was it five?) notice is a
bit ... gulp-worthy... even if on ~arch plus hard-unmasked pre-release
overlays I rarely see a GLSA that actually applies to me. (Tho I'd just
done the NTP update, noting the security issue from the changelog, and
was glad to see the official GLSA for it with additional detail.)

Still, if it's five years out and catching up, at least we have people
working on it now and it's happening! =:^)

But it's good to see this thread with the details posted. There was
mention that it had been discussed on dev before, but if so, I hadn't
seen it, at least in that detail. So I believe it was a reasonable
question, with now a reasonable answer. =:^)

Thanks again. That's a vital bit of gentoo that got stuck for a bit, and
I'm very appreciative that /someone/ is doing that hard and unglamorous
work without a lot of thanks. =:^)

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman