Gentoo Archives: gentoo-security

From: Aleksey V Lazar <lazar@××××.edu>
To: "gentoo-security@l.g.o" <gentoo-security@l.g.o>
Subject: Re: [gentoo-security] Security project meeting summary
Date: Mon, 28 Jul 2008 22:09:18
In Reply to: Re: [gentoo-security] Security project meeting summary by Robert Buchholz
Hello, Robert:

Robert Buchholz wrote:
> On Monday 21 July 2008, Aleksey V Lazar wrote:
>
>> Hello. Would it be reasonable to suggest adding a ~security (or
>> something like it) flag to denote packages masked for security
>> reasons?
>>
>
> Hi Aleksey,
>
> since entries package.mask only contain free text description as an
> additional information, such a feature would require the package
> manager to decide which entries are security maskings, and which are
> feature maskings. While that could be done using
> restrictions/conventions within the text, I am sure our package manager
> developers would disagree with such a design. A ""
> file might be more appropriate for that.
>

Are you saying that security mask entries would go into the and feature/other to package.mask? I think this would make sense.

> My question now is, why would you want such a thing? Masked packages all
> have different reasons to be there, and you should decide to use one on
> a case-by-case basis.
>

I described in some more detail what I was thinking about in my previous post to this list. To answer your question, I think a feature like this would be very useful, because it would remove barriers for identifying packages with security issues. For example, I don't update my Gentoo system daily, but I would update it as often as necessary to keep it secure. Currently (to the best of my understanding) there is no easy way (e.g.: an /emerge/ option) to identify and update only the packages that have security fixes. I would have to do some digging to find out what packages and evaluate each package separately. So I think there would be value in separating security masking from other types.

To summarize, I think this would accomplish the following:

1. Easily identify packages masked for security reasons.
2. Easily identify installed packages that have security issues/fixes available.
3. Option for /emerge/ to only update packages with security fixes

Thank you for consideration.

Aleksey

> Regards,
> Robert
>

--
Aleksey V. Lazar
Website Development
Memorial Library 3010
Minnesota State University
Mankato, MN 56001
Tel.: 1-507-389-2480

