| 1 |
Chris Gianelloni wrote: |
| 2 |
|
| 3 |
> On Fri, 2006-12-01 at 07:22 -0600, Andrew Gaffney wrote: |
| 4 |
>> Steve Long wrote: |
| 5 |
>> > The only question I have, which Stuart also |
| 6 |
>> > mentioned, is whether all security updates go thru the GLSA process. |
| 7 |
>> |
| 8 |
>> Are you asking if all security updates that are done to the release will |
| 9 |
>> have gone through the GLSA process? I'd say the answer is yes, since the |
| 10 |
>> only updates that will go in the release tree are security updates from |
| 11 |
>> GLSAs :P |
| 12 |
> |
| 13 |
> Actually, we would have to review the process, since not everything that |
| 14 |
> gets a security bug ends up with a GLSA. My current loose rule is that |
| 15 |
> if it deserves a GLSA, then it deserves and update, but I don't know the |
| 16 |
> exact criteria the security team uses to decide if something warrants a |
| 17 |
> GLSA or not. |
| 18 |
> |
| 19 |
Well, I'm guessing that the bugs are entered and reviewed as security bugs |
| 20 |
on some system or another. If so, we can just get the basic list automated |
| 21 |
to tie into a script collection. |
| 22 |
|
| 23 |
Who would know what criteria the security people use? |
| 24 |
|
| 25 |
|
| 26 |
-- |
| 27 |
gentoo-dev@g.o mailing list |
Archives