From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-5948-arch-gentoo-dev=gentoo.org@gentoo.org>
Received: (qmail 26439 invoked by uid 1002); 22 Aug 2003 17:30:52 -0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 20050 invoked from network); 22 Aug 2003 17:30:51 -0000
From: Caleb Tennis <caleb@gentoo.org>
Organization: Gentoo
To: gentoo-dev@gentoo.org
Date: Fri, 22 Aug 2003 12:30:49 -0500
User-Agent: KMail/1.5.1
References: <20030822191939.36400b90.genone@genone.de>
In-Reply-To: <20030822191939.36400b90.genone@genone.de>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200308221230.49538.caleb@gentoo.org>
Subject: Re: [gentoo-dev] GLEP #14: security updates based on GLSA
X-Archives-Salt: 11dddff4-bdfb-40eb-aa2d-70c680aa91d8
X-Archives-Hash: c28f29845f9fe177fa3b1b34ee59bee4

On Friday 22 August 2003 12:19 pm, Marius Mauch wrote:
> As already discussed here serveral days ago I've written up a GLEP for
> this often requested feature:

Good first draft.  I'd propose to add in some way to verify the GLSA is indeed 
an authorized one (checking a GPG signature, perhaps?).  I would further 
propose some thought around making sure that a GLSA is indeed a formal Gentoo 
GLSA and that has gone through the security team, as opposed to having a 
random developer be able to issue one.

Caleb


--
gentoo-dev@gentoo.org mailing list