On Friday 01 December 2006 13:47, Chris Gianelloni wrote:
> Actually, we would have to review the process, since not everything that
> gets a security bug ends up with a GLSA. My current loose rule is that
> if it deserves a GLSA, then it deserves an update, but I don't know the
> exact criteria the security team uses to decide if something warrants a
> GLSA or not.
http://www.gentoo.org/security/en/vulnerability-policy.xml

For relation between severity level and GLSA publication see Dispatch.

Basically everything that ends up with Trivial severity level will NOT get a
GLSA and everything that ends up with Minor severity level will get a vote
from the Security team members. Two yes or no votes normally wins. Everything
else gets a GLSA.

Then you have to add in Security supported architectures, but that's really of
no concern to x86.

--
Sune Kloppenborg Jeppesen
Gentoo Linux Security Team