1 |
- Typo... |
2 |
Additional Security Project bugzilla notes |
3 |
* The Security Project is except (should that read "exempt"?) |
4 |
|
5 |
|
6 |
|
7 |
- An intermediate level before masking might be issuing a warning if |
8 |
some simple, specific remediation measure can protect against a |
9 |
vulnerability. E.g. forcing cups to only listen to 127.0.0.1 or :1 |
10 |
|
11 |
- If you want to absolutely ensure that people are warned of a severe, |
12 |
but remediable vulnerability, is it acceptable to "break the build" |
13 |
by requiring a new local USE flag for the ebuild? I'm thinking of |
14 |
something like "glep_0001234", "glep_0001235", "glep_0001236", etc, |
15 |
and have the ebuild die if the flag is not set, and print out a URL |
16 |
for a security problem. This could be abstracted to make.conf with |
17 |
a new variable... |
18 |
|
19 |
GLEP="0001234 0001235 0001236 etc etc" |
20 |
|
21 |
This would probably be the last stage before masking. It would |
22 |
deliberately break the build, and require the user/admin to take manual |
23 |
action (add the flag for the GLEP) before proceeding further. This is |
24 |
a heavy-handed method, but masking is more final. |
25 |
|
26 |
-- |
27 |
Walter Dnes <waltdnes@××××××××.org> |
28 |
I don't run "desktop environments"; I run useful applications |