1 |
On Fri, Mar 26, 2004 at 04:35:01PM +0100 or thereabouts, Tobias Weisserth wrote: |
2 |
> Bugzilla doesn't contain A LOT OF vulnerabilities that have been |
3 |
> reported to bugtraq and FD for example. I have been entering three from |
4 |
> bugtraq during the last four days alone. Browsing bugzilla is not a |
5 |
> solution. |
6 |
> |
7 |
> I will try to compile a weekly pending GLSA report for this list, |
8 |
> listing all vulnerabilities that have still to be solved. I'll be |
9 |
|
10 |
You are, of course, welcome to do this. Just to ensure everyone has the |
11 |
same expectations, however, the *only* resource the Gentoo security team |
12 |
will use for new security vulnerability reports is bugs.gentoo.org. So, |
13 |
while I encourage you to put together a weekly email/forums post if you so |
14 |
desire, I also encourage you to ensure all those vulnerabilities are also |
15 |
entered in bugzilla. Otherwise, they *are not* likely to be looked at by a |
16 |
Gentoo dev. |
17 |
|
18 |
--kurt |