On Friday 01 December 2006 13:47, Chris Gianelloni wrote:
> Actually, we would have to review the process, since not everything that
> gets a security bug ends up with a GLSA. My current loose rule is that
> if it deserves a GLSA, then it deserves an update, but I don't know the
> exact criteria the security team uses to decide if something warrants a
> GLSA or not.

http://www.gentoo.org/security/en/vulnerability-policy.xml
For relation between severity level and GLSA publication see Dispatch. Basically everything that ends up with Trivial severity level will NOT get a GLSA and everything that ends up with Minor severity level will get a vote from the Security team members. Two yes or no votes normally wins. Everything else gets a GLSA.

Then you have to add in Security supported architectures, but that's really of no concern to x86.

-- 
Sune Kloppenborg Jeppesen
Gentoo Linux Security Team