| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Max, |
| 5 |
|
| 6 |
> Hello Samuel, are security vulnerabilities not classified by |
| 7 |
> cve.mitre.org in a way that can be simply and consistently |
| 8 |
> leveraged? I wouldn't expect gentoo to implement kernel patches |
| 9 |
> before the Linux kernel maintainers blessed the patch, and I'd |
| 10 |
> imagine that a cve number would have been assigned by then, our am |
| 11 |
> I mistaken? |
| 12 |
Yes, CVE's are assigned to kernel vulnerabilities, and I'm thinking |
| 13 |
that in general, these criteria would be applied after they are |
| 14 |
assigned a CVE (although that's not a requirement of course). We have |
| 15 |
our own criteria for Portage packages because it can take time before |
| 16 |
the issues are classified by MITRE, and the classifications aren't |
| 17 |
Gentoo specific (correct me if I'm wrong here). |
| 18 |
|
| 19 |
- -- |
| 20 |
Samuel |
| 21 |
-----BEGIN PGP SIGNATURE----- |
| 22 |
Version: GnuPG v2.0.22 (GNU/Linux) |
| 23 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
| 24 |
|
| 25 |
iQEcBAEBAgAGBQJSzLfkAAoJEGw+uP08RytWhd8IAM3h35FN5UdqpfhOlkvgPl/Q |
| 26 |
9kJw5DeQXW6kpS51vkKtfnHKdWXTJjhFgIKLwcheT8L3i080sROjLunJazNc7rxf |
| 27 |
UrHg1Vs0/ppaUIw1hh7R+/lSeZGDsSle2wjplcqsoRo2qOGxZK8j7sAp3LBVSA2x |
| 28 |
jLjisJmYglJUAl0PH3fSKfFrbgdwz9bqC8JMKN5mka6Od4vDC2Y/QB79ERT8w2ZI |
| 29 |
1cs/Ox304zYT9e7vwyQW7hZ20iuPHyFdBhREb1Php7uEoztOhp3se1v4WiGLQIDm |
| 30 |
iq7MC6wsS+jU7P2pOFZrueG6qbejruQJzP8/P+QNzMf9PpbxKzOughGGgo4NZSc= |
| 31 |
=KuhF |
| 32 |
-----END PGP SIGNATURE----- |
Archives