From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E8694138247 for ; Sat, 18 Jan 2014 17:26:50 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 54167E0B05; Sat, 18 Jan 2014 17:26:44 +0000 (UTC) Received: from mail.a3li.li (sawfish.a3li.li [89.238.78.10]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 55288E0ADC for ; Sat, 18 Jan 2014 17:26:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.a3li.li (Postfix) with ESMTP id 45255229BEA; Sat, 18 Jan 2014 18:26:42 +0100 (CET) X-Virus-Scanned: amavisd-new at a3li.li Received: from mail.a3li.li ([127.0.0.1]) by localhost (stingray.a3li.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IHMlJT0QDuJ2; Sat, 18 Jan 2014 18:26:41 +0100 (CET) Received: from [IPv6:2001:6f8:12e4:0:6267:20ff:fe71:fb00] (unknown [IPv6:2001:6f8:12e4:0:6267:20ff:fe71:fb00]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.a3li.li (Postfix) with ESMTPSA id C76C8229BC6; Sat, 18 Jan 2014 18:26:40 +0100 (CET) Message-ID: <52DAB93F.50706@gentoo.org> Date: Sat, 18 Jan 2014 18:26:23 +0100 From: Alex Legler User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org CC: security@gentoo.org Subject: Re: [gentoo-dev] Regarding long delays on GLSA generation References: <1390059274.24148.80.camel@belkin5> <52DAA58B.7060402@gentoo.org> <1390062615.24148.87.camel@belkin5> In-Reply-To: <1390062615.24148.87.camel@belkin5> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Archives-Salt: 64bf0738-c951-4fbf-a5c3-60d3203f7988 X-Archives-Hash: c7f9bdb3ba17b10bb35593ee4850bf35 On 18.01.2014 17:30, Pacho Ramos wrote: > […] > > What I want to achieve is to try to get this problem solved, I don't > think has any sense to have pending GLSA bugs waiting for ages (yes, > ages), I see this for really a lot of packages, the pointed one was only > one example, but there are many more (like glib, dotnet stuff...) Your message is profoundly lacking any proposed solutions, however it does contain plenty of complaining. That's not a good way to solve problems. > > Regarding sending this to the whole list (well, I don't understand why > people in security team want to not get gentoo-dev ML involved), I > simply did that as I though maybe some help/suggestions could be needed > taking care clearly the security team is not able to fix this situation > for really a long time and, hopefully, some other people could help with > their effort and ideas to fix this long standing issue. Assuming that posing to -dev generates magical help or solutions is quite naive. You're not the first one to post here, but and you're certainly not the first one whose message didn't help in the slightest. Thanks for trying though. As others on the list have noticed, we are working on fixing things. Your diagnosis of us being 'clearly' unable to do so is quite unsubstantiated. You should understand that we can't just make a bug pile gathered over years disappear in one day. > > The issue is still present even if we don't talk about it and keep > simply ignoring all bug reports assigned to security and accumulating > for years. The idea is to try to solve the situation, not to point to > you, I didn't pointed to you, you will know why do you feel offended > about this. > > Noone's offended here. I'm just saying your email doesn't serve a purpose. If a -dev post was the solution, we'd have it by now. If you'd like to help in a way we actually think is useful, we'd be glad to have you fill one of our staffing needs posted or to engage in the discussions we have on the -security list and on IRC. -- Alex Legler Gentoo Security/Ruby/Infrastructure