Hi Thierry,

On Tue, 2004-05-18 at 22:05, Thierry Carrez wrote:
> Hello everyone,
>
> We're in the process of publishing Gentoo Official Policy for the
> treatment of vulnerabilities. You can review the latest draft at the
> following location :
>
> http://dev.gentoo.org/~koon/docs/vulnerability-policy.html
>
> Comments welcome.

"Confidential vulnerabilities

Confidential vulnerabilities (for example coming from developer's direct
communication or restricted vendor-sec lists) should follow a specific
procedure. They should not appear as a public bugzilla entry, but only
in the (private) GLSAMaker tool. They should get corrected using private
communication channels between the GLSA coordinator and the package
maintainer."

What's this about? I can't imagine what a "confidential vulnerability"
might be. This immediately prompts a "security by obscurity" remark,
don't you think?

Otherwise very good work.

I'm back in the game by the way. I had to wait about 4 weeks until my
replacement drive came in after my fatal crash and I now have a machine
with Gentoo again. Thank God ;-)

I am going to buy another spare hard drive with another installation on
it so my machine won't fail on me in the future with these consequences.
Though I have to admit that a few weeks with less computer usage have
really been worthwhile ;-)

I have started monitoring full-disclosure and bugtraq again, already
commencing entering bugs into bugzilla.

Mandrake has a nice link collection:

http://www.mandrakesecure.net/en/secsites.php

These would be good candidates to skim through too. Add the
announcements of all the other big distributions and that should cover a
great deal of relevant channels.

regards,
Tobias W.

--
gentoo-security@g.o mailing list