| 1 |
Am 26.08.2011 20:08, schrieb Kevin Bryan: |
| 2 |
> SECURITY_FIXES="<www-plugins/adobe-flash-10.1.102.64" |
| 3 |
> SECURITY_REF="CVE:2010-2169 http://..." |
| 4 |
> SECURITY_BUG="343089" |
| 5 |
> SECURITY_IMPACT="remote" |
| 6 |
|
| 7 |
Your idea sounds interesting and could lead to very cool technology like the |
| 8 |
'ACCEPT_RISKS="..."' variable mentioned elsewhere in this thread. |
| 9 |
|
| 10 |
But it does not solve a major part of the use case. In my opinion, we need to |
| 11 |
get notifications about security risks over an independent channel without |
| 12 |
having to update the portage tree. |
| 13 |
|
| 14 |
For me (and the rest of my company) the greatest advantage of Gentoo over |
| 15 |
other distributions it it's "continuous integration" approach. Updates get |
| 16 |
committed to the portage tree continuously over time and administrators are |
| 17 |
completely free on how often and when they update their systems. This is |
| 18 |
great. But given I have an installed base and I have no reason to update the |
| 19 |
portage tree now, I need a reliable information about "this package is |
| 20 |
borked". Then I should go for update as fast as possible of course. :-) |
| 21 |
|
| 22 |
So in consequence I would appreciate to have both mechanisms: a timely |
| 23 |
up-front notification via GLSAs (probably more brief than the past ones) and |
| 24 |
some sort of security masking. |
| 25 |
|
| 26 |
Regards |
| 27 |
|
| 28 |
Christian |
| 29 |
|
| 30 |
-- |
| 31 |
Dipl.-Inf. Christian Kauhaus <>< · kc@××××××.com · systems administration |
| 32 |
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany |
| 33 |
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1 |
| 34 |
Zope and Plone consulting and development |
Archives