From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1EHw8s-0004VC-En for garchives@archives.gentoo.org; Wed, 21 Sep 2005 04:23:34 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id j8L4G2Mu028624; Wed, 21 Sep 2005 04:16:02 GMT Received: from egr.msu.edu (jeeves.egr.msu.edu [35.9.37.127]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id j8L4CZER009537 for <gentoo-security@lists.gentoo.org>; Wed, 21 Sep 2005 04:12:40 GMT Received: from [207.72.142.225] (207-72-142-225.dovers_res_net.spartan-net.net [207.72.142.225] (may be forged)) (authenticated bits=0) by egr.msu.edu (8.13.4/8.13.4) with ESMTP id j8L4ITfj013808 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <gentoo-security@lists.gentoo.org>; Wed, 21 Sep 2005 00:18:30 -0400 (EDT) Message-ID: <4330DF1D.6000502@egr.msu.edu> Date: Wed, 21 Sep 2005 00:18:37 -0400 From: Alec Warner <warnera6@egr.msu.edu> User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050806) X-Accept-Language: en-us, en Precedence: bulk List-Post: <mailto:gentoo-security@lists.gentoo.org> List-Help: <mailto:gentoo-security+help@gentoo.org> List-Unsubscribe: <mailto:gentoo-security+unsubscribe@gentoo.org> List-Subscribe: <mailto:gentoo-security+subscribe@gentoo.org> List-Id: Gentoo Linux mail <gentoo-security.gentoo.org> X-BeenThere: gentoo-security@gentoo.org Reply-to: gentoo-security@lists.gentoo.org MIME-Version: 1.0 To: gentoo-security@lists.gentoo.org Subject: Re: [gentoo-security] Kernels and GLSAs References: <432FEDD4.1030604@umtstrial.co.uk> <200509200716.37148.brian@braverock.com> <4330205F.6010402@gentoo.org> In-Reply-To: <4330205F.6010402@gentoo.org> X-Enigmail-Version: 0.90.2.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: 5a1d6cbd-070d-463c-8285-b4c6613ba0e9 X-Archives-Hash: 7ee7894b1d9bf7e3c69c24e6af4fc292 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thierry Carrez wrote: > Brian G. Peterson wrote: > > >>On Tuesday 20 September 2005 06:09 am, Calum wrote: >> >> > This ongoing kernel security information, along with kernel security > alerts when really big things are discovered (Local Root that would work > on most configurations, for example) was for us the best solution. KISS > is almost ready for BETA release, meaning you should be able to access > it very soon for testing. > > Also KISS was no secret, it's in the Security project objectives for > year 2005, as published on this list at the beginning of the year. > > Thanks for your attention. > <snip snip> I am in support of whatever you decide, but I would expect there to be documentation somewhere stating current policy ( that being that kernel security bugs are not made into GLSA's ). Knowing this I can work around it and find other ways to keep my kernel updated. However no one wants to be under the false pretense that GLSA's cover all security problems and then get nailed by a kernel security issue. I don't see anything about the security seciton of gentoo's website detailing that kernel security issues aren't in GLSA's and I think it would be helpful to include that. It may even be helpful to add it to the post_inst of gentoolkit/glsa-check's manpage. Right now if I read the security handbook or the GLSA documentation I am misinformed. If you are indeed switching to a system that works better I think many would enjoy an upgrade of docs, or issuing GLSA's until you have KISS running, or just documentation that says kernel security bugs are not covered by GLSA's. If you want a bug filed, I can do that as well. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQIVAwUBQzDfHGzglR5RwbyYAQL5+w/+LTaohDpFWqguv98wkMXEl+ZwsQZNeSJt WOV+X9HAqa+l/dvU0noCd0CvjKBCiYsmbzXHBiGvAmu3HYrdUGCejSC9pnVLRLlC JkNRklehGGEzKBXNgPYrMnlq0ybF8UjFcTgkXIycG9ucJbCwD0hyotwRI1kGe3sM Tuq1TqBjeZGNPfCymREqv6Pn9OlDWNVzXSQ9xnin0/xscVvQbUw8dAx4AgoTL4Jo ltzNU89KMyeEALgy4W0ctE4v/tIbrPY+Ye/Ypd8AYO6JW5LBnik2njc3KArybzsp 2BOhBKMPC4mh3BLr2IP3kJzavtEOjvME/9DkqSuuDB09SexaGmiZSnCFkRG5XSs7 GQPVzsFxfW2c913FZ0I4Nij3jwK7PcGxOCUHhAirLd1VHizoFYBcHJxK1ldACUR0 dtSuc/2yAg1bMBkHvJhDS4MDEdIchqmvBsCD9YxjpZ+vulMdUDigP1jokiuqlLRp y2rBGXfFJxCVywjvmJ67V45Rxh83QG75TaIP7LAb19pJH71lVbt1RqmvikIZuFHv Te5cJ6HW5egWrjIMLKCp9ZpZrXpRCZXHxVoNwqUcI1QI+uTbKuBh/4DLsKFPjAvU hWgvuIOxIaH3E2fHNoaaUbO90qeq8pmRFkUNHAc3TPIA6zcYwS/mne8PvFvq12rJ 8TPPR7XO2L0= =hxQ6 -----END PGP SIGNATURE----- -- gentoo-security@gentoo.org mailing list