From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1EHhaZ-0006Js-R8 for garchives@archives.gentoo.org; Tue, 20 Sep 2005 12:51:12 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id j8KCgaFA008024; Tue, 20 Sep 2005 12:42:36 GMT Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id j8KCZtEu026132 for <gentoo-security@lists.gentoo.org>; Tue, 20 Sep 2005 12:35:55 GMT Received: from dsl-082-082-079-080.arcor-ip.net [82.82.79.80] (helo=sven.genone.homeip.net) by mrelayeu.kundenserver.de with ESMTP (Nemesis), id 0ML25U-1EHhRP1RkM-0008EQ; Tue, 20 Sep 2005 14:41:43 +0200 Date: Tue, 20 Sep 2005 14:44:12 +0200 From: Marius Mauch <genone@gentoo.org> To: gentoo-security@lists.gentoo.org Subject: Re: [gentoo-security] Kernels and GLSAs Message-ID: <20050920144412.5b490e94@sven.genone.homeip.net> In-Reply-To: <200509200716.37148.brian@braverock.com> References: <432FEDD4.1030604@umtstrial.co.uk> <200509200716.37148.brian@braverock.com> Organization: Gentoo X-Mailer: Sylpheed-Claws 1.9.13 (GTK+ 2.6.8; x86_64-pc-linux-gnu) Precedence: bulk List-Post: <mailto:gentoo-security@lists.gentoo.org> List-Help: <mailto:gentoo-security+help@gentoo.org> List-Unsubscribe: <mailto:gentoo-security+unsubscribe@gentoo.org> List-Subscribe: <mailto:gentoo-security+subscribe@gentoo.org> List-Id: Gentoo Linux mail <gentoo-security.gentoo.org> X-BeenThere: gentoo-security@gentoo.org Reply-to: gentoo-security@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="Signature_Tue__20_Sep_2005_14_44_12_+0200_2jpKVY_IB6.ZJI=E"; protocol="application/pgp-signature"; micalg=PGP-SHA1 X-Provags-ID: kundenserver.de abuse@kundenserver.de login:7e6c91d1b14dbccceb2f2166522fa0f6 X-Archives-Salt: 1758618f-e8ed-46ed-88c1-a01e56867493 X-Archives-Hash: c925b3a3d2b1c336c7adf1f1c8de8079 --Signature_Tue__20_Sep_2005_14_44_12_+0200_2jpKVY_IB6.ZJI=E Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Tue, 20 Sep 2005 07:16:36 -0500 "Brian G. Peterson" <brian@braverock.com> wrote: > On Tuesday 20 September 2005 06:09 am, Calum wrote: > > I prefer the idea that tracking one source (GLSAs) would provide me > > with all the information I needed to keep my Gentoo boxes secure, > > but if we were all to change to a new system, perhaps the kernel > > GLSAs should have overlapped with this new system until it was in, > > tested, and adopted? >=20 > While I think that kernels do need additional information to be > supplied about a potential security hole (kernel security problems > often occur in a module that many people may not use), I agree that > kernel vulnerabilities should be published as GLSAs. =20 >=20 > I subscribe to the GLSA RSS feed, and scan that feed manually against > my installed software list. The glsa-check tool is basically useless > (as of gentoolkit-0.2.1_pre7), as it shows all GLSAs rather than just > GLSAs for tools that correspond to packages installed on the system > it is run on. Can you explain this a bit more? glsa-check hasn't actually changed for a long time. Also make sure you don't confuse the --list option with the --test option. Marius --=20 Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. --Signature_Tue__20_Sep_2005_14_44_12_+0200_2jpKVY_IB6.ZJI=E Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDMAQgWzrL1pM7SNcRAryrAJ9zlpJUZI/SVLmI6vuetELNh6zVtgCfdW+R fl83KguFk3/ZTZ5FzxSDEjQ= =AFOB -----END PGP SIGNATURE----- --Signature_Tue__20_Sep_2005_14_44_12_+0200_2jpKVY_IB6.ZJI=E-- -- gentoo-security@gentoo.org mailing list