From: Alex Legler <a3li@gentoo.org>
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] No GLSA since January?!?
Date: Fri, 26 Aug 2011 18:55:43 +0200
Message-ID: <2687862.MvHKRGueIZ@neon>
In-Reply-To: <4E57C5D0.8090004@gocept.com>
On Friday 26 August 2011 18:12:00 Christian Kauhaus wrote:
> Hi,
>
> I'm wondering that my favorite Linux distro hasn't had any security
> announcements since January. In my opinion this is really problematic. At
> our company we try to convince prospective customers to host their
> applications on our Gentoo servers. When asked about security incident
> handling, I have to say: "They state 'Security is a primary focus' on their
> website, but they don't inform their users." Not very convincing.
>
That's the issue with an all-volunteer team. We lost some active members and
with that quite some momentum. The remainder of the team currently focuses on
getting issues fixed, which actually works quite well. Users who are watching
our alias in Bugzilla were informed about all updates.

Making advisories with the available tool and process set was very
time-intensive; I've been working on making that drafting process faster. The goal
we currently have is to wrap up the pending advisories in September with a few
large grouped advisories and resume sending advisories after that as usual.

Compared to other distributions, our advisories have been rather detailed with
lots of manually researched information. I'm not sure if we can keep up this
very high standard with the limited manpower, but we'll try our best.

For quite some time now, there has also been a staffing request on the
website, with low-to-medium success (yielding 1 new team member). Most people
interested didn't think the job came with that much boring work. (No, we're
not hacking stuff all day)
> So what is the roadblock that hinders GLSA creation? Is there any way to get
> the GLSAs into working order again?
tl;dr: Get more people to do boring work.
Alex
--
Alex Legler <a3li@gentoo.org>
Gentoo Security / Ruby