Gentoo Archives: gentoo-project

From: Arturo Garcia <arturo.g.arturo@×××××.com>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] gentoo security and packages.gentoo.org
Date: Fri, 28 Sep 2007 07:11:53
Message-Id: 200709280902.40733.arturo.g.arturo@gmail.com
In Reply to: [gentoo-project] Re: Re: gentoo security and packages.gentoo.org by Steve Long
1 On Thursday 27 Sep 2007, Steve Long wrote:
2 > No the point, as I see it, is that a security _audit_ of the code is now
3 > being carried out. Not a fix to one bug.
4 As I said, fine with me, but *do* it and then close the bug. Open new ones,
5 assign them and link them to the original bug if you wish. We act on them
6 and we close them as well.
7
8 > That's why it would be great if the report were submitted. Or do you think
9 > it wise to bring the service back up with known flaws?
10 What report?!? Onkobu offered help in auditing any future patches if anybody
11 required so. Nothing more. Unfortunately, he got angry (no wonder) and pulled
12 out. Maybe he is now running another distro... I haven't been in touch with
13 him.
14
15 Regarding the flaws, as I said, look at the code and find for yourself. As
16 far as I know, Tavis *has* reviewed the patch and the code. All what is
17 outstanding is for the site to be tested. If he opens new bugs, then we will
18 patch and close them.
19
20 > I didn't write the lines about the whole service needing reworking either.
21 > I'm just trying to explain why I think the process is being carried out
22 > properly.
23 ?_? again. I don't understand what are you trying to say?!? I don't see the
24 correlation between this and your (or my) first post. Sorry.
25
26 As a summary, the next step now is for security@g.o to their work (as
27 Infra has *repeatedly* said and requested). If someone can poke them to do
28 so please, it will be highly appreciated. If they audit, test, or jump on
29 one foot while holding raw eggs on their head I don't care. It's their job.
30 Bug please test and come back to us. Thanks.
31
32 A.
33 --
34 gentoo-project@g.o mailing list

Replies

Subject Author
[gentoo-project] Re: gentoo security and packages.gentoo.org Steve Long <slong@××××××××××××××××××.uk>