A couple of points:
Many (Most?) in the list have already been fixed as far as Gentoo is
concerned - that is if you have followed policy and upgraded the problem
does not exist in the installed packages.

I think you should:
A: add a line to say "fixed in later version - upgrade via portage" or
similar (gotta be a better way to say this!)

B: Highlight ones for which the vulnerability is ongoing, that is those
that have no fix of any kind - top of list?

C: give the full package name. Firebird is a name used for both a
database and a browser, so I had to look twice at that one.

The problem is that if you are on the current x86 (as an example), none
of these should apply so confusion may occur. I know it's a bit of a
"play on words", but these are not a "compilation of known but
unresolved vulnerabilities and security issues in Gentoo Linux." They
have been resolved and the packages listed will not/should not be
installed, but later fixed versions will. Installed systems should have
been upgraded by the user when the relevant GLSA appears. If not ...

BillK

On Sun, 2004-03-28 at 00:32, Tobias Weisserth wrote:
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Pending Vulnerabilities GLVP 200403-01
> Unofficial Announcement
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> glvp@×××××××××.org
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

--
gentoo-security@g.o mailing list