From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id D5F56138247 for ; Sat, 18 Jan 2014 16:30:27 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E480DE0B6E; Sat, 18 Jan 2014 16:30:20 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 08A5BE0B67 for ; Sat, 18 Jan 2014 16:30:19 +0000 (UTC) Received: from [192.168.1.33] (182.Red-2-137-18.dynamicIP.rima-tde.net [2.137.18.182]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: pacho) by smtp.gentoo.org (Postfix) with ESMTPSA id 47E2233F8AE; Sat, 18 Jan 2014 16:30:18 +0000 (UTC) Message-ID: <1390062615.24148.87.camel@belkin5> Subject: Re: [gentoo-dev] Regarding long delays on GLSA generation From: Pacho Ramos To: gentoo-dev@lists.gentoo.org Cc: security@gentoo.org Date: Sat, 18 Jan 2014 17:30:15 +0100 In-Reply-To: <52DAA58B.7060402@gentoo.org> References: <1390059274.24148.80.camel@belkin5> <52DAA58B.7060402@gentoo.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.8.5 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: 60cb876f-e037-4bca-8015-e9c2fc496971 X-Archives-Hash: 33b6f48414388119181d3c3e1eaafdde El sáb, 18-01-2014 a las 17:02 +0100, Alex Legler escribió: > On 18.01.2014 16:34, Pacho Ramos wrote: > > Was looking to existing gedit bug reports and I found: > > https://bugs.gentoo.org/show_bug.cgi?id=257004 > > > > That is only one more example of a really old bug report still opened > > and waiting for a GLSA. Was wondering what really causes this long > > delays, can't GLSA be done automatically? > > Nope. But we do make constant refinements to speed up the process. > > > Would a GLSA even have any > > sense for cases like this (after 5 years) > > > > Yope. (I've answered this questions a trillion times by now, so care to > use $searchengine?) > > > Thanks for your help > > > > > > Not sure what you wanted to achieve by sending this email. Posting > $old_bug assigned to a specific team to -dev to point fingers at them is > just lame, as I'm pretty sure there's bug skeletons in every team's closet. > > Appreciatively of your appreciation of our efforts, > Alex > What I want to achieve is to try to get this problem solved, I don't think has any sense to have pending GLSA bugs waiting for ages (yes, ages), I see this for really a lot of packages, the pointed one was only one example, but there are many more (like glib, dotnet stuff...) Regarding sending this to the whole list (well, I don't understand why people in security team want to not get gentoo-dev ML involved), I simply did that as I though maybe some help/suggestions could be needed taking care clearly the security team is not able to fix this situation for really a long time and, hopefully, some other people could help with their effort and ideas to fix this long standing issue. The issue is still present even if we don't talk about it and keep simply ignoring all bug reports assigned to security and accumulating for years. The idea is to try to solve the situation, not to point to you, I didn't pointed to you, you will know why do you feel offended about this.