From: Tobias Heinlein <keytoaster@gentoo.org>
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] No GLSA since January?!?
Date: Sat, 27 Aug 2011 14:34:39 +0200
Message-ID: <4E58E45F.8000006@gentoo.org>
In-Reply-To: <CAGfcS_koxCDPjPc3N_KKs3M_rAtnvbuDeePpLsaKbFcgQ3x7og@mail.gmail.com>

Rich Freeman wrote, on 08/27/2011 02:13 PM:
> Note that I'm basically advocating ditching the tool. A tool is good
> when it improves productivity. However, right now it appears that the
> tool is keeping people from contributing who want to contribute.
> Certainly things couldn't get worse without the tool. If a user just
> edits an xml template and email template and posts it on the bug, then
> very little work should be required to review the files before posting
> them. Contributors wouldn't need any special access either - freeing
> up devs to provide more of a QA role.
>
> Ditching the tool would also simplify fixes to GLSAs. I haven't run
> it in a while, but took glsa-checker out of my cron ages ago when it
> would just report packages with vulnerabilities that had none. I did
> log bugs, but apparently adding one line to the xml files requires as
> much pain as sending out the original notice.

I have read that idea multiple times now, each of them by people not on
the security team or something similar. It just doesn't work that way.
It's like suggesting to ditch Bugzilla and instead enter bugs manually
with SQL commands into a database. Well, not quite, but you get the idea.

Also, as previously stated, we know that the tool sucks, which is why
Alex has been working for months on new tools. We really wouldn't spend
that much time on that if it wasn't worth it.