Gentoo Archives: gentoo-security

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] just can't let it die
Date: Thu, 11 Nov 2004 09:14:50
Message-Id: 200411111014.49608.jaervosz@gentoo.org
In Reply to: [gentoo-security] just can't let it die by Chris Haumesser
I'm short on time so here's a quick answer to your questions.

On Thursday 11 November 2004 09:41, Chris Haumesser wrote:
<snip>
> Is there a written policy for determining what issues warrant the
> issuance of a GLSA? If so, where? If not, should there be?

http://security.gentoo.org should provide you with the pointers requested.

> What does the gentoo developer handbook have to say about security?
> Should it address the security expectations we have of software developers?

I would say yes, but no one has done it yet.

> To what extent should the community be involved in managing security
> issues? What mechanisms exist for this? Should there be a more
> streamlined way for users to see what the status of current security
> efforts is?

As with most of the development process there is http://bugs.gentoo.org.

But I'm all ears for other proposals, we love contributions.

> Is there a set of criteria we can agree on that might aid us in
> assessing the severity of a threat and need for a fix, in a way that is
> reasonable and fair? How are potential threats currently assessed?

See Vulnerability Policy on the above page.

> What should someone do if they think a serious problem is being
> overlooked or actively ignored? Is there a way to set up some
> protocols/procedures that might avoid this kind of flame war in the future?

File a security bug at http://bugs.gentoo.org

>
> I hope no one sees this as trolling. I'm not trying to start another
> flame war, but I think these are all fundamental, legitimate questions
> raised by this thread. Where exactly _does_ the gentoo project stand on
> security? And how do I find out? This is a key piece of missing
> perspective.
http://www.gentoo.org -> Security Announcements

--
Sune Kloppenborg Jeppesen (Jaervosz)
Operational Manager
Gentoo Linux Security Team