Gentoo Archives: gentoo-project

From: Michael Orlitzky <mjo@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] Re: [pre-glep] Security Project Structure
Date: Tue, 04 Dec 2018 22:23:33
In Reply to: Re: [gentoo-project] Re: [pre-glep] Security Project Structure by Kristian Fiskerstrand
1 On 12/4/18 5:17 PM, Kristian Fiskerstrand wrote:
2 >
3 > Well, in terms of CVEs the documentation matters quite a bit, the
4 > question isn't necessarily what any user would do ... but what a
5 > reasonable user would do.. and a reasonable user would consider the
6 > documented practices of a project.
7 >
9 There's too much crap to read. Sometimes you've just got to assume that
10 a package marked "stable" on a popular distribution with a dedicated
11 security team isn't going to have a 9-month-old well-known root exploit
12 in the wild. That's perfectly reasonable to me.