Gentoo Archives: gentoo-security

From: Alex Legler <a3li@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] No GLSA since January?!?
Date: Fri, 26 Aug 2011 17:58:54
Message-Id: 7389624.KK35qxi7RL@neon
In Reply to: Re: [gentoo-security] No GLSA since January?!? by "Daniel A. Avelino"
1 On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote:
2 > Alex.
3 >
4 > May be a call for volunteers more "intense" could improve the manpower. This
5 > could be a more
6 > easy start point to address, no?.
8 Well, the staffing needs page IS the point for making such calls. It's not
9 that we haven't had people contacting us about helping, it's that they usually
10 disappear shortly after that again after they've seen the tasks at hand.
12 > I work too in some [smaller] security processes and can figure out what kind
13 > of work are you talking about.
14 >
15 > As Kauhaus pointed, may be somethings should be automated but again, this is
16 > a hard job to
17 > implement and to keep results trustable.
18 >
20 Automation is a key thing I've been introducing in the new tools and processes
21 for sending advisories.
22 I'd rather not focus on a temporary automated system however, knowing that
23 we're about to get back to the/near the status quo.
25 > I'd started following this list recently and yet does not know how
26 > work fluxes are performed here but, may be, this could be a good place to
27 > start a review of GLSA processes, what
28 > do you think about this?
30 You can find the relevant info on our websites [1]
32 The thing is, the basic idea cannot be changed. We will always have a flow
33 issue -> bug -> fix -> stabling -> advisory.
35 Specifically, the current goal is, to have the advisory drafting starting
36 earlier and using the information we've already entered into our bugzilla and
37 CVE tracker in a much more integrated way. It's a bit hard to explain, you'd
38 best see for yourself (by joining us of course! ;)).
40 Alex
42 [1]
44 --
45 Alex Legler <a3li@g.o>
46 Gentoo Security / Ruby


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-security] No GLSA since January?!? "Daniel A. Avelino" <daavelino@×××××.com>