1 |
On Friday, March 26, 2004 4:08, Joshua J. Berry wrote: |
2 |
> AFAIK the security team waits to issue GLSAs until the new version is |
3 |
released |
4 |
> in the stable tree. The unstable version is out (see the bug), so you can |
5 |
> grab that if you are seriously concerned. |
6 |
|
7 |
I know about the GLSA release policy, though I am rather unconvinced by the |
8 |
logic I've seen behind it. |
9 |
|
10 |
However, I was under the impression that there was a concurrent safeguard in |
11 |
place whereby ebuilds with known security flaws would be pulled from |
12 |
portage. This would lead to errors when attempting to "emerge -pUD world" |
13 |
and would at least be a strong indicator of a serious problem with a |
14 |
package. |
15 |
|
16 |
Ben |
17 |
|
18 |
|
19 |
-- |
20 |
gentoo-security@g.o mailing list |