On Tue, 2007-03-20 at 13:34 +0100, Raphael Marichez wrote:
>
> Those who are concerned with security should follow our GLSAs. Those who
> are really worried about real-time security should follow our bugzilla,
> different information sources (full-disc, secunia...), or the upstream
> advisories.
>
> Generally, if you are warned about a security weakness on a stable
> gentoo package, please go to bugs.gentoo.org, perform a quick search,
> and if the search returns no result, please open a bug in the "Gentoo
> Security" category. (but most of the time, there will already be an
> opened bug). In that case the bug already existed.

I did report the issue. It was added to the month of PHP bugs tracker.
However, I don't agree with your out of hand dismissal of sending this
to the list. Webapps under Gentoo are difficult to maintain at best.
People should know, and this is a very public security issue that people
can quickly and easily address. I fail to see the harm in mentioning it.
I certainly don't need any reinforcement on how to read GLSAs or search
bugzilla, but thanks for the information.

Wendall