Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

No GLSA for the latest kernel flaw !
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
Koon
Retired Dev
Retired Dev


Joined: 10 Dec 2002
Posts: 518
PostPosted: Mon Feb 23, 2004 4:23 pm    Post subject: No GLSA for the latest kernel flaw ! Reply with quote
Hi folks,

On Feb 18 last week was uncovered a significant vulnerability in the kernel. Advisories for a lot of vendors followed :
Debian, Fedora, RedHat, Slackware, Trustix : 18/2
SUSE : 19/2
Turbolinux : 23/2

But no GLSA from Gentoo. There has been a discussion on gentoo-dev but only to conclude that 2.6.3 and 2.4.25 users were immune to the flaw. The delay seems to come from the necessity to issue the GLSA only after all kernel sources have been patched and tested.

My opinion on this is that if official GLSA's are only to be released when everything is ready, maybe we need some kind of other security-communication channel. Gentoo users should be able to learn about the flaw without having to follow non-Gentoo security groups. They should already know that 2.6.3 and 2.4.25 sources, already in portage, will make them safer.

Or maybe there should be incremental GLSA's like RedHat did : issue an advisory as soon as you get one source package fixed (the vanilla-sources are the easy candidate) then issue other advisories (replacing the first one) when you have more.

I would like everyone's opinion on this (hopefully Gentoo's security team listens). Am I wrong ? Am I right ?

-K
Back to top
View user's profile Send private message
Koon
Retired Dev
Retired Dev


Joined: 10 Dec 2002
Posts: 518
PostPosted: Mon Feb 23, 2004 4:48 pm    Post subject: Reply with quote
From a discussion I just had on #gentoo-security it seems the GLSA (which will cover more than one flaw) will be ready soon.
I also understand that the Gentoo-security team is aware that the alert mecanism is not perfect and looks for solutions to improve it.

-K
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy