public inbox for gentoo-security@lists.gentoo.org
From: Christian Kauhaus <kc@gocept.com>
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] No GLSA since January?!?
Date: Sat, 27 Aug 2011 10:49:09 +0200
Message-ID: <4E58AF85.4020908@gocept.com>
In-Reply-To: <20110826180838.GA21426@zen.cs.uri.edu>

On 26.08.2011 20:08, Kevin Bryan wrote:
> SECURITY_FIXES="<www-plugins/adobe-flash-10.1.102.64"
> SECURITY_REF="CVE:2010-2169 http://..."
> SECURITY_BUG="343089"
> SECURITY_IMPACT="remote"

Your idea sounds interesting and could lead to very cool technology like the 
'ACCEPT_RISKS="..."' variable mentioned elsewhere in this thread.

But it does not solve a major part of the use case. In my opinion, we need to 
get notifications about security risks over an independent channel without 
having to update the portage tree.

For me (and the rest of my company) the greatest advantage of Gentoo over 
other distributions is its "continuous integration" approach. Updates get 
committed to the portage tree continuously over time and administrators are 
completely free on how often and when they update their systems. This is 
great. But given I have an installed base and I have no reason to update the 
portage tree now, I need reliable information about "this package is 
borked". Then I should go for an update as fast as possible of course. :-)

So in consequence I would appreciate having both mechanisms: a timely 
up-front notification via GLSAs (probably more brief than the past ones) and 
some sort of security masking.

Regards

Christian

-- 
Dipl.-Inf. Christian Kauhaus <>< · kc@gocept.com · systems administration
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development


