On Thursday 27 Sep 2007, Steve Long wrote:
> No the point, as I see it, is that a security _audit_ of the code is now
> being carried out. Not a fix to one bug.
As I said, fine with me, but *do* it and then close the bug. Open new ones,
assign them and link them to the original bug if you wish. We act on them
and we close them as well.

> That's why it would be great if the report were submitted. Or do you think
> it wise to bring the service back up with known flaws?
What report?!? Onkobu offered help in auditing any future patches if anybody
required so. Nothing more. Unfortunately, he got angry (no wonder) and pulled
out. Maybe he is now running another distro... I haven't been in touch with
him.

Regarding the flaws, as I said, look at the code and find for yourself. As
far as I know, Tavis *has* reviewed the patch and the code. All that is
outstanding is for the site to be tested. If he opens new bugs, then we will
patch and close them.

> I didn't write the lines about the whole service needing reworking either.
> I'm just trying to explain why I think the process is being carried out
> properly.
?_? again. I don't understand what you are trying to say?!? I don't see the
correlation between this and your (or my) first post. Sorry.

As a summary, the next step now is for security@g.o to do their work (as
Infra has *repeatedly* said and requested). If someone can poke them to do
so please, it will be highly appreciated. If they audit, test, or jump on
one foot while holding raw eggs on their head I don't care. It's their job.
Bug please test and come back to us. Thanks.

A.
--
gentoo-project@g.o mailing list