Date: Tue, 4 Dec 2018 17:35:20 -0500
From: Aaron Bauman
To: gentoo-project@lists.gentoo.org
Subject: Re: [gentoo-project] Re: [pre-glep] Security Project Structure

On Tue, Dec 04, 2018 at 11:17:01PM +0100, Kristian Fiskerstrand wrote:
> Well, in terms of CVEs the documentation matters quite a bit, the
> question isn't necessarily what any user would do ... but what a
> reasonable user would do.. and a reasonable user would consider the
> documented practices of a project.
>

I suppose a "reasonable user" by your definition would also read and track the CVEs to determine the security posture of their machine on their own? If so, we can disband the security team on that logic.

> --
> Kristian Fiskerstrand
> OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
>

--
Cheers,
Aaron