Gentoo Archives: gentoo-security

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Days of yore
Date: Mon, 16 Apr 2007 16:10:57
In Reply to: Re: [gentoo-security] Days of yore by "William L. Thomson Jr."
On Monday 16 April 2007 16:05, William L. Thomson Jr. wrote:
> Not to mention in my case upstream had already acted or etc, so no > patching or etc was needed on my behalf. Just bumps and stabilization if > anything.
Yeah, this is because the Security team is simply understaffed as has been the case for far too long. We only have a few very active members and due to process and QA stuff it simply takes time. I hope we're going to bring it down soon though. Try searching for bugs in ebuild+ or ebuild++ status, that should give a hint about what problems we face. Not to mention other + and ++ statuses.
> Kernel issues must be a nightmare for the security team.
Kernel issues are a nightmare because of the many sources and the way Gentoo handles kernel sources. emerge gentoo-sources won't magically fix your machine and besides not everyone want to upgrade their kernel for every small issue. That's why plasmaroo wrote KISS, sadly he left before it went public and now we waiting for another tool for kernel issues. It's not even on the horizon yet (at least not to my knowledge). This started out as a small problem that we thought would be temporary but has sadly turned kind of permanent without us informing users properly. So if you want to help get things back on track please join #gentoo-security and lets talk. -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team