1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On Tue, 31 Oct 2006, Stuart Herbert wrote: |
5 |
|
6 |
> On 10/31/06, Ciaran McCreesh <ciaranm@×××××××.org> wrote: |
7 |
>> Uh, security bugs are not the highest priority. |
8 |
> |
9 |
> Would it be possible to have some arch team leaders join in this |
10 |
> debate? Atm, it just seems to be bouncing back and forwards between |
11 |
> package maintainers asking questions, and a Gentoo user filling the |
12 |
> void left by the responses from the arch team folks. |
13 |
|
14 |
Well, lets use an example. If SPARC had a breakage in the system profile |
15 |
and a security bug in say, phpmyadmin, the system profile breakage is |
16 |
going to take priority as it impacts every SPARC user's ability to use |
17 |
and/or install Gentoo on Linux/SPARC. However, phpmyadmin impacts a much |
18 |
smaller segment of the Gentoo Linux/SPARC user base, so its not as much of |
19 |
a problem. |
20 |
|
21 |
Obviously some of this is going to be relative. If the security issue was |
22 |
a remote unauthorized DoS, buffer overflow resulting in a root shell |
23 |
particularly in the system profile packages, then it would probably take |
24 |
priority over the latest request to stabilize or add testing keywords to |
25 |
random package maintainer's package. |
26 |
|
27 |
That being said, Gentoo Linux/SPARC normally does try to handle Security |
28 |
issues before others if the others aren't critical. |
29 |
|
30 |
Cheers, |
31 |
- -- |
32 |
Jason Wever |
33 |
Gentoo/Sparc Team Co-Lead |
34 |
-----BEGIN PGP SIGNATURE----- |
35 |
Version: GnuPG v1.4.5 (GNU/Linux) |
36 |
|
37 |
iD8DBQFFR3IBdKvgdVioq28RArMdAJ49AsBl3DjtA5n22atL7FpY0jYwVACeLeV7 |
38 |
PPBLoaGVvBRWQRh3Qnn1VLs= |
39 |
=BAvM |
40 |
-----END PGP SIGNATURE----- |
41 |
-- |
42 |
gentoo-dev@g.o mailing list |