From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 20AFE138247 for ; Thu, 9 Jan 2014 15:43:42 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 35639E0AA7; Thu, 9 Jan 2014 15:43:11 +0000 (UTC) Received: from mail.a3li.li (sawfish.a3li.li [89.238.78.10]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BA345E0A43 for ; Thu, 9 Jan 2014 15:43:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.a3li.li (Postfix) with ESMTP id A5825227E87 for ; Thu, 9 Jan 2014 16:43:08 +0100 (CET) X-Virus-Scanned: amavisd-new at a3li.li Received: from mail.a3li.li ([127.0.0.1]) by localhost (stingray.a3li.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rh8NRleu3xsB for ; Thu, 9 Jan 2014 16:43:03 +0100 (CET) Received: from [IPv6:2001:6f8:12e4:0:6267:20ff:fe71:fb00] (unknown [IPv6:2001:6f8:12e4:0:6267:20ff:fe71:fb00]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.a3li.li (Postfix) with ESMTPSA id 4BB36227E52 for ; Thu, 9 Jan 2014 16:43:03 +0100 (CET) Message-ID: <52CEC376.5060606@gentoo.org> Date: Thu, 09 Jan 2014 16:42:46 +0100 From: Alex Legler User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-security@lists.gentoo.org Reply-to: gentoo-security@lists.gentoo.org MIME-Version: 1.0 To: gentoo-security@lists.gentoo.org Subject: Re: [gentoo-security] Soliciting feedback for the GLSA-2 format References: <52CCA65E.7040300@gentoo.org> <52CCAC79.4000805@gentoo.org> <52CCAD23.3030600@gentoo.org> <52CDE86F.1080109@gentoo.org> In-Reply-To: <52CDE86F.1080109@gentoo.org> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="HmaEFMsMsGnamDBfRGbXaOiTdrLU4A0EO" X-Archives-Salt: 7f129765-4a74-4e32-a970-e3a810fab745 X-Archives-Hash: 297599e62f8c7898900d20d5dabaf4e4 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --HmaEFMsMsGnamDBfRGbXaOiTdrLU4A0EO Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 09.01.2014 01:08, Chris Reffett wrote: > On 01/07/2014 08:42 PM, Tobias Heinlein wrote: >> On 08.01.2014 02:40, Tobias Heinlein wrote: >>> Our new approach works more like a whitelist; >=20 >> "more like a blacklist", that is. >=20 >=20 > I kind of would like the workaround field to remain (but perhaps be > optional) since I have seen a few vulns that actually did have > functional workarounds. Not absolutely necessary. >=20 Does it need to have its own field, can't it be part of the (temporary) resolution? > Chris Reffett >=20 --=20 Alex Legler Gentoo Security/Ruby/Infrastructure --HmaEFMsMsGnamDBfRGbXaOiTdrLU4A0EO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSzsN2AAoJEDa6ZWES7jAAvawP/jlXripmdeUDrAitDk5JEvTv V0zIbJb7FnWBl4+fHHcKiagVeHQ2qYn4+iwBEHl7NjzJmymFmC3eKt25Z5YOTxv/ rqLyIx22XGSCA0SPTlJa/g7DD//uOJG8TrOenzUrrbbNYGtCAUU63MQsgXbWNzWL xyvHEYWrzwU6BRF8zGsdUprHMeVEaUer18wVgp9sFokygks6zi/42IAPQeIR/xP+ pBtT8xltCqHtO6i7zgoXCA1hfVtwUOESJ8qV+3xef/Ljvl9XCLm82hJfNF45PnM6 lvQg/tlOH7f7awXmTS3v7FvdDkPj/aKvjXvjyp0ycSpubIQwd9O7VG8OqCqP+jpM jez3G1BBZ3rNjJOYXeCgscJZyJiCtJjejGpYTTXXOMLny7s4jvP4v+Tp3TWmX+PX 5NdWTU4uZdl5QqNHPn88FCFN1AagBP0JmTZ7BANEZieJ/y/JTg3wMcHd3Jh6WGTF s537UBML7f0eTMscNyxj0iX1xWc4VdYQ2euQBQXecO6Y6uo8vg674afFyE67Cu3r yE94Y5wJt/bOeYT7Ws5fWqk4aVcHF+VFavyfilgLoHrx/Z+lZkjkbSdXYZn0l8Lu TsAIYxaaAHP0E0OCr9kVqhSosukmv6NboGMPmhCphNoGPs9xQ+jEj6AqyOAwUy5S EO8fxE5rIbKmmDA9Tdot =lf1k -----END PGP SIGNATURE----- --HmaEFMsMsGnamDBfRGbXaOiTdrLU4A0EO--