Gentoo Archives: gentoo-security

From: Calum <gentoo-security@××××××××××××.uk>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Kernels and GLSAs
Date: Tue, 20 Sep 2005 14:37:39
In Reply to: Re: [gentoo-security] Kernels and GLSAs by Alec Warner
Alec Warner wrote:

> Does anyone have a link to the no kernel GLSA news?
No link, I'm afraid. But here is an excerpt from the email I received: "Thing is, we don't do Kernel GLSAs anymore : by the time all the kernel sources in Portage get fixed, months had passed and the issue was forgotten/exploited already. It's in the process of being remplaced by an Kernel Interactive Security Status system (called KISS) that will help assess the current vulnerabilities of your running kernel and help you chose when to upgrade, along with specific "vulnerability alerts" telling people that new big vulnerabilities have been found and to look into KISS for information on fixed kernels. Exploitable Local Root vulnerabilities would certainly trigger such an alert. For the moment, the best way to get informed is to monitor the "Kernel" component of the "Gentoo Security" product. Now that summer time and 2005.1 are over, I expect that KISS will be opened soon." This isn't finger pointing, or anything like that at all. Gentoo is the best distro for me, and that's why I use it, and everyone working on it does a great job. It's just that I relied on the GLSAs, and never heard anything to say that they weren't doing kernel GLSAs any more. Calum -- gpg : FC64 140F@××××××××××××××.net jabber: calum@×××××××××××.org -- gentoo-security@g.o mailing list