Gentoo Archives: gentoo-security

From: "Daniel A. Avelino" <daavelino@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] No GLSA since January?!?
Date: Fri, 26 Aug 2011 18:23:57
In Reply to: Re: [gentoo-security] No GLSA since January?!? by Alex Legler
On Fri, Aug 26, 2011 at 2:57 PM, Alex Legler <a3li@g.o> wrote:

> On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote: > > Alex. > > > > May be a call for volunteers more "intense" could improve the manpower. > This > > could be a more > > easy start point to address, no?. > > Well, the staffing needs page IS the point for making such calls. It's not > that we haven't had people contacting us about helping, it's that they > usually > disappear shortly after that again after they've seen the tasks at hand. > > I know how it works!
> > I work too in some [smaller] security processes and can figure out what > kind > > of work are you talking about. > > > > As Kauhaus pointed, may be somethings should be automated but again, this > is > > a hard job to > > implement and to keep results trustable. > > > > Automation is a key thing I've been introducing in the new tools and > processes > for sending advisories. > I'd rather not focus on a temporary automated system however, knowing that > we're about to get back to the/near the status quo. > > When I think about automation, I had in mind something that could help
developers to find vulnerabilities in a more fast way [searching and confronting CVE, for example] and start a "call for solution" process. I work with solutions of this type for WEB vulnerabilities discover and some tools are very interesting to reduce the correction time. By the way, I will start to read about what a Padawan should know instead of make speculations prematurelly. :D Thank you very much for the explanations. Daniel A. Avelino


Subject Author
Re: [gentoo-security] No GLSA since January?!? Alex Legler <a3li@g.o>