| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On Tue, 31 Oct 2006, Stuart Herbert wrote: |
| 5 |
|
| 6 |
> On 10/31/06, Ciaran McCreesh <ciaranm@×××××××.org> wrote: |
| 7 |
>> Uh, security bugs are not the highest priority. |
| 8 |
> |
| 9 |
> Would it be possible to have some arch team leaders join in this |
| 10 |
> debate? Atm, it just seems to be bouncing back and forwards between |
| 11 |
> package maintainers asking questions, and a Gentoo user filling the |
| 12 |
> void left by the responses from the arch team folks. |
| 13 |
|
| 14 |
Well, lets use an example. If SPARC had a breakage in the system profile |
| 15 |
and a security bug in say, phpmyadmin, the system profile breakage is |
| 16 |
going to take priority as it impacts every SPARC user's ability to use |
| 17 |
and/or install Gentoo on Linux/SPARC. However, phpmyadmin impacts a much |
| 18 |
smaller segment of the Gentoo Linux/SPARC user base, so its not as much of |
| 19 |
a problem. |
| 20 |
|
| 21 |
Obviously some of this is going to be relative. If the security issue was |
| 22 |
a remote unauthorized DoS, buffer overflow resulting in a root shell |
| 23 |
particularly in the system profile packages, then it would probably take |
| 24 |
priority over the latest request to stabilize or add testing keywords to |
| 25 |
random package maintainer's package. |
| 26 |
|
| 27 |
That being said, Gentoo Linux/SPARC normally does try to handle Security |
| 28 |
issues before others if the others aren't critical. |
| 29 |
|
| 30 |
Cheers, |
| 31 |
- -- |
| 32 |
Jason Wever |
| 33 |
Gentoo/Sparc Team Co-Lead |
| 34 |
-----BEGIN PGP SIGNATURE----- |
| 35 |
Version: GnuPG v1.4.5 (GNU/Linux) |
| 36 |
|
| 37 |
iD8DBQFFR3IBdKvgdVioq28RArMdAJ49AsBl3DjtA5n22atL7FpY0jYwVACeLeV7 |
| 38 |
PPBLoaGVvBRWQRh3Qnn1VLs= |
| 39 |
=BAvM |
| 40 |
-----END PGP SIGNATURE----- |
| 41 |
-- |
| 42 |
gentoo-dev@g.o mailing list |
Archives