Gentoo Archives: gentoo-security

From: Ned Ludd <solar@g.o>
To: gentoo-security@l.g.o
Cc: "security@g.o" <security@g.o>
Subject: [gentoo-security] Security Updates And Announcements
Date: Sat, 17 Jan 2004 06:09:11
Message-Id: 1074319461.28452.212.camel@simple
- Security Updates And Announcements -

Security problems should be reported via bugzilla and assigned to
security@gentoo (this is a must)

As it stands right now our security updates have undergone alot of
changes in the last few months and there are still some quarks to work
out. The general idea we are aiming for is GLSA's in xml format. This
allows us to display the GLSA's on-line as well as have portage take
advantage of those GLSA's for the upcoming "emerge --security" feature.

GLSA's are sent primarily to 3 places full-disclosure, bugtraq,
gentoo-announce@g.o. At one time they went to this list here but for
what ever reason some people started complaining about getting a GLSA
from more than one list. Honestly I think those people should get over
it and GLSA's be sent to this list again or perhaps a
gentoo-security-announce@ would be a better place.

Anyway as you all know Gentoo is a community driven effort and we only
can only take care of the tasks we have time for. A lot of our 
developers have other lives so and dont always have time to sit around 
writing up a GLSA. So the simple solution to this would be to recruit  
more people to help out in this area, however technical writers with a
clue are a rare commodity.  So I'd like to open up a slot or two for a  
few people from this list that may be willing to help out in this dept.
If you think you have what it takes please drop a mail to solar@gentoo
and CC: security@gentoo . We also need more people actually reporting 
security problems and solutions to bugzilla so that something can be
done about them.

Currently we are also exploring the idea of user contributed GLSA's.
Tim Yamin <plasmaroo@gentoo> wants people to test the GLSAMaker at and complain to him if it
doesn't work.

And for you irc junkies you can find most of the sec team on #gentoo-security

Hope this has been somewhat enlightening.


Ned Ludd <solar@g.o>
Gentoo Linux Developer


File name MIME type
signature.asc application/pgp-signature