From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-44389-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1PnAc6-0001zq-RI
	for garchives@archives.gentoo.org; Wed, 09 Feb 2011 14:01:47 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 494F6E0ACC;
	Wed,  9 Feb 2011 14:01:38 +0000 (UTC)
Received: from hera.cwi.nl (hera.cwi.nl [192.16.191.8])
	by pigeon.gentoo.org (Postfix) with ESMTP id 946AFE0AC2
	for <gentoo-dev@lists.gentoo.org>; Wed,  9 Feb 2011 14:01:10 +0000 (UTC)
Received: from gentoo.org (volund.ins.cwi.nl [192.16.196.166]) by hera.cwi.nl with ESMTP
	id p19E194U026038 for <gentoo-dev@lists.gentoo.org>; Wed, 9 Feb 2011 15:01:09 +0100 (CET)
Date: Wed, 9 Feb 2011 15:01:09 +0100
From: Fabian Groffen <grobian@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] GSLA improvements (WAS: avoiding urgent
 stabilisations)
Message-ID: <20110209140109.GN28923@gentoo.org>
Mail-Followup-To: gentoo-dev@lists.gentoo.org
References: <20110207205059.GA10939@bookie>
 <20110208164116.GC31166@comet.mayo.edu>
 <AANLkTikiu7v0yWwk6ZfbCXcfGsjcbg5+gb8MG77aL85x@mail.gmail.com>
 <201102081846.32733.dilfridge@gentoo.org>
 <20110208175720.GE4530@gentoo.org>
 <AANLkTi=vjpVeDakazhnOaxs06TGwG3pQL80v_xETQzEX@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <AANLkTi=vjpVeDakazhnOaxs06TGwG3pQL80v_xETQzEX@mail.gmail.com>
User-Agent: Mutt/1.5.21 (Darwin 9.8.0, VIM - Vi IMproved 7.3)
Organization: Gentoo Foundation, Inc.
X-Archives-Salt: 
X-Archives-Hash: a48f17ecdede182e38ee4736937bf587

On 09-02-2011 08:57:25 -0500, Rich Freeman wrote:
> Perhaps we should target having glsas published within a certain
> amount of time after a vulnerability is disclosed, whether corrected
> or not.  We could re-publish a final notice once all is well.  We
> really shouldn't consider users safe from a security vulnerability
> until the vulnerability is patched in the tree AND the notice to
> update has been sent out.

Excellent, take this up with the security team.  Reevaluate which archs
are security supported, and see if you can get a timeout policy
implemented.


-- 
Fabian Groffen
Gentoo on a different level