| 1 |
On Tue, 2007-03-20 at 13:34 +0100, Raphael Marichez wrote: |
| 2 |
> |
| 3 |
> Those who are concerned with security should follow our GLSAs. Those who |
| 4 |
> are really worried about real-time security should follow our bugzilla, |
| 5 |
> different information sources (full-disc, secunia...), or the upstream |
| 6 |
> advisories. |
| 7 |
> |
| 8 |
> |
| 9 |
> Generally, if you are warned about a security weakness on a stable |
| 10 |
> gentoo package, please go to bugs.gentoo.org, perform a quick search, |
| 11 |
> and if the search returns no result, please open a bug in the "Gentoo |
| 12 |
> Security" category. (but most of the time, there will already be an |
| 13 |
> opened bug). In that case the bug already existed. |
| 14 |
|
| 15 |
I did report the issue. It was added to the month of PHP bugs tracker. |
| 16 |
However, I don't agree with your out of hand dismissal of sending this |
| 17 |
to the list. Webapps under Gentoo are difficult to maintain at best. |
| 18 |
People should know, and this is a very public security issue that people |
| 19 |
can quickly and easily address. I fail to see the harm in mentioning it. |
| 20 |
I certainly don't need any reinforcement on how to read GLSAs or search |
| 21 |
bugzilla, but thanks for the information. |
| 22 |
|
| 23 |
Wendall |
Archives