1 |
On Friday 26 August 2011 20:00:15 Joost Roeleveld wrote: |
2 |
> On Friday, August 26, 2011 07:06:35 PM Christian Kauhaus wrote: |
3 |
> > Am 26.08.2011 18:55, schrieb Alex Legler: |
4 |
> > > Compared to other distributions, our advisories have been rather |
5 |
> > > detailed with lots of manually researched information. I'm not sure |
6 |
> > > if |
7 |
> > > we can keep up this very high standard with the limited manpower, |
8 |
> > > but |
9 |
> > > we'll try our best. |
10 |
> > |
11 |
> > I see the point. I think it would be an achievement over the current |
12 |
> > situation (which is: no current GLSAs at all) to send out less detailed |
13 |
> > GLSAs. Even something short as: "$PACKAGE has vulnerabilities, they are |
14 |
> > fixed in $VERSION, for details see $CVE" would be immensely helpful. |
15 |
> > |
16 |
> > Is the any viable way to get it at least to this point? Probably the |
17 |
> > largest part of such a task could be automated. This would lift the |
18 |
> > burden from the security maintainers. |
19 |
> |
20 |
> I agree on this. |
21 |
> I don't (yet) know enough to actually help in this. I tend to follow |
22 |
> advisories and try to keep my machines as much up-to-date as possible. |
23 |
> |
24 |
> More brief GSLAs like what Christian mentioned are, for the majority, |
25 |
> sufficient. If someone really needs more information, there is always |
26 |
> google. |
27 |
> |
28 |
|
29 |
Like I said, please use Bugzilla and some basic filtering to get notifications |
30 |
until we can provide full advisories again. I realize it's not a solution and |
31 |
you will get the information somewhat unfiltered, but it is a reliable and |
32 |
most importantly currently available source of information. |
33 |
|
34 |
Alex |
35 |
|
36 |
-- |
37 |
Alex Legler <a3li@g.o> |
38 |
Gentoo Security / Ruby |