From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: Regarding long delays on GLSA generation
Date: Sat, 18 Jan 2014 19:10:39 +0000 (UTC) [thread overview]
Message-ID: <pan$ee0a6$e8da441b$1d21bfc2$55cdf617@cox.net> (raw)
In-Reply-To: CAKmKYaAtFGCr2nVUepBUN-VagU7wYt6szugcd2ZJ70cqbGvjjQ@mail.gmail.com
Dirkjan Ochtman posted on Sat, 18 Jan 2014 17:33:36 +0100 as excerpted:
> On Sat, Jan 18, 2014 at 5:30 PM, Pacho Ramos <pacho@gentoo.org> wrote:
>> What I want to achieve is to try to get this problem solved, I don't
>> think has any sense to have pending GLSA bugs waiting for ages (yes,
>> ages), I see this for really a lot of packages, the pointed one was
>> only one example, but there are many more (like glib, dotnet stuff...)
>
> From my perception, the security team in recent months has gone through
> great lengths to improve the process and to work on the backlog of old
> security bugs. AIUI, this *is* getting fixed, it just takes some time to
> fix it properly.
Same here. I've been glad to see the GLSAs moving again, even if seeing
LWN mention that it's a three-year-out (or was it five?) notice is a
bit ... gulp-worthy... even if on ~arch plus hard-unmasked pre-release
overlays I rarely see a GLSA that actually applies to me. (Tho I'd just
done the NTP update, noting the security issue from the changelog, and
was glad to see the official GLSA for it with additional detail.)
Still, if it's five years out and catching up, at least we have people
working on it now and it's happening! =:^)
But it's good to see this thread with the details posted. There was
mention that it had been discussed on dev before, but if so, I hadn't
seen it, at least in that detail. So I believe it was a reasonable
question, with now a reasonable answer. =:^)
Thanks again. That's a vital bit of gentoo that got stuck for a bit, and
I'm very appreciative that /someone/ is doing that hard and unglamorous
work without a lot of thanks. =:^)
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
next prev parent reply other threads:[~2014-01-18 19:11 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-18 15:34 [gentoo-dev] Regarding long delays on GLSA generation Pacho Ramos
2014-01-18 16:02 ` Alex Legler
2014-01-18 16:30 ` Pacho Ramos
2014-01-18 16:33 ` Dirkjan Ochtman
2014-01-18 19:10 ` Duncan [this message]
2014-01-18 16:34 ` Pacho Ramos
2014-01-18 17:26 ` Alex Legler
2014-01-18 17:38 ` Pacho Ramos
2014-01-18 18:19 ` Alex Legler
2014-01-18 18:35 ` Pacho Ramos
2014-01-18 18:57 ` Pacho Ramos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='pan$ee0a6$e8da441b$1d21bfc2$55cdf617@cox.net' \
--to=1i5t5.duncan@cox.net \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox