1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Max, |
5 |
|
6 |
> Hello Samuel, are security vulnerabilities not classified by |
7 |
> cve.mitre.org in a way that can be simply and consistently |
8 |
> leveraged? I wouldn't expect gentoo to implement kernel patches |
9 |
> before the Linux kernel maintainers blessed the patch, and I'd |
10 |
> imagine that a cve number would have been assigned by then, our am |
11 |
> I mistaken? |
12 |
Yes, CVE's are assigned to kernel vulnerabilities, and I'm thinking |
13 |
that in general, these criteria would be applied after they are |
14 |
assigned a CVE (although that's not a requirement of course). We have |
15 |
our own criteria for Portage packages because it can take time before |
16 |
the issues are classified by MITRE, and the classifications aren't |
17 |
Gentoo specific (correct me if I'm wrong here). |
18 |
|
19 |
- -- |
20 |
Samuel |
21 |
-----BEGIN PGP SIGNATURE----- |
22 |
Version: GnuPG v2.0.22 (GNU/Linux) |
23 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
24 |
|
25 |
iQEcBAEBAgAGBQJSzLfkAAoJEGw+uP08RytWhd8IAM3h35FN5UdqpfhOlkvgPl/Q |
26 |
9kJw5DeQXW6kpS51vkKtfnHKdWXTJjhFgIKLwcheT8L3i080sROjLunJazNc7rxf |
27 |
UrHg1Vs0/ppaUIw1hh7R+/lSeZGDsSle2wjplcqsoRo2qOGxZK8j7sAp3LBVSA2x |
28 |
jLjisJmYglJUAl0PH3fSKfFrbgdwz9bqC8JMKN5mka6Od4vDC2Y/QB79ERT8w2ZI |
29 |
1cs/Ox304zYT9e7vwyQW7hZ20iuPHyFdBhREb1Php7uEoztOhp3se1v4WiGLQIDm |
30 |
iq7MC6wsS+jU7P2pOFZrueG6qbejruQJzP8/P+QNzMf9PpbxKzOughGGgo4NZSc= |
31 |
=KuhF |
32 |
-----END PGP SIGNATURE----- |