Gentoo Archives: gentoo-security

From: Richard Freeman <rich0@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Kernel Security Update Target Delay?
Date: Sun, 26 Sep 2010 13:04:08
In Reply to: Re: [gentoo-security] Kernel Security Update Target Delay? by Volker Armin Hemmann
On 09/26/2010 07:51 AM, Volker Armin Hemmann wrote:
> so there has been roughly a week so far.
Agreed - 10 days was the figure I mentioned. So far we're 7 over the target of 3. Most major distros did it in less than 1.
> > And the bug is not that dangerous - except when you insist on running unsecure > 32bit software on a 64bit system. >
I didn't realize that multilib amd64 wasn't a security-supported configuration of Gentoo. Perhaps that should be documented somewhere - like the amd64 handbook, and the multilib howto. The security page probably should also be updated - to indicate that amd64 is a supported arch only without multilib. Note that you don't need to RUN any 32-bit software to be insecure - you merely need to have support for it enabled in the kernel config. Look, either multilib is supported, or it isn't. If it isn't, that's a pretty big caveat that we don't document ANYWHERE. If it is, then we have to fix bugs in line with the security guidelines. I'm just asking for us to be up-front with our policies, and to follow them. If we don't support multilib amd64, fine. If we do support it, then we need to support it. Rich


Subject Author
Re: [gentoo-security] Kernel Security Update Target Delay? "Robin H. Johnson" <robbat2@g.o>