From: Brian Harring <ferringb@gmail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Security/QA Spring Cleaning
Date: Tue, 23 May 2006 14:06:20 -0700 [thread overview]
Message-ID: <20060523210620.GE14671@nightcrawler> (raw)
In-Reply-To: <1148417466.18445.16.camel@cgianelloni.nuvox.net>
[-- Attachment #1: Type: text/plain, Size: 1229 bytes --]
On Tue, May 23, 2006 at 04:51:06PM -0400, Chris Gianelloni wrote:
> On Tue, 2006-05-23 at 16:22 -0400, Ned Ludd wrote:
> > And now per arch breakdowns.
> > http://gentooexperimental.org/~ferringb/reports/arch-vulnerabilities/
>
> No offense, but that isn't exactly useful in its current form. For
> example, x86 shows *all* of the packages, even ones where it has a
> non-vulnerable version stable.
> I guess a breakdown of which
> architectures still do not have a version *higher* than the ones listed
> by the GLSA stable would be necessary instead.
You're ignoring the fact that ebuilds can and do specify version
ranges that result in portage using something other then the highest-
the report is a listing of "these pkgs are vulnerable according to
glsas", the arch-vulns is just a view of that with stable/unstable for
that arch collapsed into one.
In other words... having a version stable that isn't affected by the
glsa, good and grand, but the ebuilds sitting in the tree are *still*
vulnerable.
Splitting off a stable vs unstable is doable, but the intention of
that report is to spell out which packages in the tree are vulnerable,
thus in need of getting the boot.
~harring
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2006-05-23 21:11 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-22 3:02 [gentoo-dev] Security/QA Spring Cleaning Ned Ludd
2006-05-22 5:25 ` Robin H. Johnson
2006-05-22 5:30 ` Brian Harring
2006-05-23 20:22 ` Ned Ludd
2006-05-23 20:44 ` Brian Harring
2006-05-23 22:44 ` Thomas Cort
2006-05-23 20:51 ` Chris Gianelloni
2006-05-23 21:06 ` Brian Harring [this message]
2006-05-23 21:46 ` Chris Gianelloni
2006-05-23 22:05 ` Brian Harring
2006-05-23 22:24 ` Chris Gianelloni
2006-05-23 22:36 ` Brian Harring
2006-05-24 4:11 ` Doug Goldstein
2006-05-24 12:06 ` Chris Gianelloni
2006-05-24 12:02 ` Chris Gianelloni
2006-05-23 21:50 ` Ned Ludd
2006-05-23 22:22 ` Chris Gianelloni
2006-05-28 18:20 ` Ned Ludd
2006-05-28 20:18 ` Robin H. Johnson
2006-05-29 1:17 ` Ned Ludd
2006-05-29 20:22 ` Chris Gianelloni
2006-06-02 13:15 ` Eldad Zack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060523210620.GE14671@nightcrawler \
--to=ferringb@gmail.com \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox