| 1 |
On Sat, Sep 10, 2016 at 7:11 PM, Ian Zimmerman <itz@×××××××.net> wrote: |
| 2 |
> There has not been a GLSA, according to the gentoo.org front page, since |
| 3 |
> August 1 [1]. In the meantime, Debian has had [2] [3] and [4] among |
| 4 |
> others. Is it really the case that the Gentoo builds aren't affected by |
| 5 |
> any of these? |
| 6 |
> |
| 7 |
|
| 8 |
Gentoo GLSAs are not announced until the last arch stabilizes the |
| 9 |
change and then a security team member generates the notice. This is |
| 10 |
usually long after amd64/x86 do so. If you wait for a GLSA |
| 11 |
announcement before doing an update, or only do updates using the |
| 12 |
glsa-check tool you're going to be vulnerable for a LONG time. |
| 13 |
|
| 14 |
-- |
| 15 |
Rich |
Archives