1 |
Chris Gianelloni wrote: |
2 |
|
3 |
> On Fri, 2006-12-01 at 07:22 -0600, Andrew Gaffney wrote: |
4 |
>> Steve Long wrote: |
5 |
>> > The only question I have, which Stuart also |
6 |
>> > mentioned, is whether all security updates go thru the GLSA process. |
7 |
>> |
8 |
>> Are you asking if all security updates that are done to the release will |
9 |
>> have gone through the GLSA process? I'd say the answer is yes, since the |
10 |
>> only updates that will go in the release tree are security updates from |
11 |
>> GLSAs :P |
12 |
> |
13 |
> Actually, we would have to review the process, since not everything that |
14 |
> gets a security bug ends up with a GLSA. My current loose rule is that |
15 |
> if it deserves a GLSA, then it deserves and update, but I don't know the |
16 |
> exact criteria the security team uses to decide if something warrants a |
17 |
> GLSA or not. |
18 |
> |
19 |
Well, I'm guessing that the bugs are entered and reviewed as security bugs |
20 |
on some system or another. If so, we can just get the basic list automated |
21 |
to tie into a script collection. |
22 |
|
23 |
Who would know what criteria the security people use? |
24 |
|
25 |
|
26 |
-- |
27 |
gentoo-dev@g.o mailing list |