Gentoo Archives: gentoo-security

From: Alex Legler <a3li@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] No GLSA since January?!?
Date: Fri, 26 Aug 2011 17:58:54
Message-Id: 7389624.KK35qxi7RL@neon
In Reply to: Re: [gentoo-security] No GLSA since January?!? by "Daniel A. Avelino"

On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote:
> Alex.
>
> May be a call for volunteers more "intense" could improve the manpower. This
> could be a more easy start point to address, no?.

Well, the staffing needs page IS the point for making such calls. It's not that we haven't had people contacting us about helping, it's that they usually disappear shortly after that again after they've seen the tasks at hand.

> I work too in some [smaller] security processes and can figure out what kind
> of work are you talking about.
>
> As Kauhaus pointed, may be somethings should be automated but again, this is
> a hard job to implement and to keep results trustable.

Automation is a key thing I've been introducing in the new tools and processes for sending advisories. I'd rather not focus on a temporary automated system however, knowing that we're about to get back to the/near the status quo.

> I'd started following this list recently and yet does not know how
> work fluxes are performed here but, may be, this could be a good place to
> start a review of GLSA processes, what do you think about this?

You can find the relevant info on our websites [1]

The thing is, the basic idea cannot be changed. We will always have a flow issue -> bug -> fix -> stabling -> advisory.

Specifically, the current goal is, to have the advisory drafting starting earlier and using the information we've already entered into our bugzilla and CVE tracker in a much more integrated way. It's a bit hard to explain, you'd best see for yourself (by joining us of course! ;)).

Alex

[1]

--
Alex Legler <a3li@g.o>
Gentoo Security / Ruby


File name MIME type
signature.asc application/pgp-signature

