From: Karsten Schulz
To: gentoo-dev@gentoo.org
Date: Sat, 23 Aug 2003 14:17:09 +0200
Subject: Re: [gentoo-dev] GLEP #14: security updates based on GLSA
In-Reply-To: <200308222219.11859.pauldv@gentoo.org>
Message-Id: <200308231417.09250.kaschu@t800.ping.de>

On Friday, 22 August 2003 22:18, Paul de Vrieze wrote:

> Maybe a bug classification could be used like:
> (local exploit, remote exploit, denial of service, local denial of
> service)

Yes, that would be fine.

> If you want to make sure a point is not missed by the security team,
> post a bug on bugs.gentoo.org and make sure you make clear it is a
> security bug.

Of course I know that it is up to me to support the Gentoo Linux Security Team by providing information in the form of posted bugs. But that was not my point. I will try to make it clearer; please let me give you an example:

The unzip-5.50-r2.ebuild fixes a well-known security bug, as everybody can read in $PORTDIR/app-arch/unzip/ChangeLog. I would like to have had a GLSA about that fact, so that I do not have to examine the related ChangeLogs by hand. Just the information about that, nothing more. (As far as I remember, there was no GLSA in Gentoo-announce, nor in Gentoo-security).

I feel we have more fixes than are announced. As I understand GLSAs, they are 'announcements', and a new ebuild which fixes a bug should be announced in every case.

Karsten

(If I missed this special GLSA about the unzip flaw, please give me the URI to the corresponding GLSA. I can't find it in my mail archive, nor in the forums. Thank you.)

--
gentoo-dev@gentoo.org mailing list