| 1 |
On Friday 01 December 2006 13:47, Chris Gianelloni wrote: |
| 2 |
> Actually, we would have to review the process, since not everything that |
| 3 |
> gets a security bug ends up with a GLSA. My current loose rule is that |
| 4 |
> if it deserves a GLSA, then it deserves and update, but I don't know the |
| 5 |
> exact criteria the security team uses to decide if something warrants a |
| 6 |
> GLSA or not. |
| 7 |
http://www.gentoo.org/security/en/vulnerability-policy.xml |
| 8 |
|
| 9 |
For relation between severity level and GLSA publication see Dispatch. |
| 10 |
|
| 11 |
Basically everything that ends up with Trivial severity level will NOT get a |
| 12 |
GLSA and everything that ends up with Minor severity level will get a vote |
| 13 |
from the Security team members. Two yes or no votes normally wins. Everything |
| 14 |
else gets a GLSA. |
| 15 |
|
| 16 |
Then you have to add in Security supported architectures, but that's really of |
| 17 |
no concern to x86. |
| 18 |
|
| 19 |
-- |
| 20 |
Sune Kloppenborg Jeppesen |
| 21 |
Gentoo Linux Security Team |
Archives