1 |
On Tue, 31 May 2016 18:44:10 +0100, Mick wrote: |
2 |
|
3 |
> > The operator user was not used by CoreOS, but existed because it |
4 |
> > exists in the Gentoo Portage system from which CoreOS is derived. |
5 |
> > <end/snippets> |
6 |
> > |
7 |
> > Full read [1]. It kinda shows that CoreOS is derived from Gentoo |
8 |
> > and not ChromeOS; at least when time to blame a security lapse |
9 |
> > elsewhere.... |
10 |
|
11 |
ChromeOS is based on Gentoo, so if CoreOS is based no ChromeOS it is a |
12 |
second generation Gentoo derivative. |
13 |
|
14 |
> Does this mean we need to do anything to improve the security of our |
15 |
> systems? |
16 |
|
17 |
The report seems to be saying that the problem is caused by using the |
18 |
Gentoo default config, which assumes a Gentoo environment. So it's fine |
19 |
on Gentoo. But it won't hurt to run glsa-check from time to time (my sync |
20 |
script does it every time and mails me if there's a problem). |
21 |
|
22 |
|
23 |
-- |
24 |
Neil Bothwick |
25 |
|
26 |
Everything else being equal, fat people use more soap. |