Gentoo Archives: gentoo-project

From: Steve Long <slong@××××××××××××××××××.uk>
To: gentoo-project@l.g.o
Subject: [gentoo-project] Re: Re: gentoo security and
Date: Thu, 27 Sep 2007 15:52:23
Message-Id: fdgim6$3g9$
In Reply to: Re: [gentoo-project] Re: gentoo security and by Arturo Garcia
Arturo Garcia wrote:
>> This is now all transparent public knowledge. As such no security team >> worth their salt are going to leave these holes open. Remember that all >> the code mentioned above has been freely available for several years. > This is ridiculous. We are trying to bring up a service that was brought > down because a command-injection vulnerability, and that is the bug we are > trying > to close. The solution to this problem is what has been required to be > tested. Please don't deviate with arguments work that has to be done. >
No the point, as I see it, is that a security _audit_ of the code is now being carried out. Not a fix to one bug. That's why it would be great if the report were submitted. Or do you think it wise to bring the service back up with known flaws? I didn't write the lines about the whole service needing reworking either. I'm just trying to explain why I think the process is being carried out properly. -- gentoo-project@g.o mailing list


Subject Author
Re: [gentoo-project] gentoo security and Arturo Garcia <arturo.g.arturo@×××××.com>