On 26.08.2011 20:08, Kevin Bryan wrote:
> SECURITY_FIXES="<www-plugins/adobe-flash-10.1.102.64"
> SECURITY_REF="CVE:2010-2169 http://..."
> SECURITY_BUG="343089"
> SECURITY_IMPACT="remote"

Your idea sounds interesting and could lead to very cool technology like the
'ACCEPT_RISKS="..."' variable mentioned elsewhere in this thread.

But it does not solve a major part of the use case. In my opinion, we need to
get notifications about security risks over an independent channel without
having to update the portage tree.

For me (and the rest of my company) the greatest advantage of Gentoo over
other distributions is its "continuous integration" approach. Updates get
committed to the portage tree continuously over time and administrators are
completely free in how often and when they update their systems. This is
great. But given I have an installed base and I have no reason to update the
portage tree now, I need reliable information about "this package is
borked". Then I should go for an update as fast as possible, of course. :-)

So in consequence I would appreciate having both mechanisms: a timely
up-front notification via GLSAs (probably more brief than the past ones) and
some sort of security masking.

Regards

Christian

--
Dipl.-Inf. Christian Kauhaus <>< · kc@××××××.com · systems administration
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development