Luca Barbato wrote:
> Here is a list of interesting questions: "Are we fine?" "What are we
> going to do?"
>
> Please project leaders try to reply in short.
>

Ok, technically I'm not security lead, but since rbu and I have almost
completely handled the security team for the past 2 months, I think I can
at least give my opinions on what's going on.

> About the stuff I'm involved:
>
> Are we fine?

security:
Well, with an average of ~1 GLSA/day for November and December, things are
going a little bit better than some months ago. We still have too many open
bugs (~115), but we tend to be a little more reactive since we now actively
monitor the vendor-security mailing list plus the freshly attributed CVE
ids, so we're able to file bugs and get them corrected before they go
public. This also means arches security liaisons should be prepared to get
called more often from now on.

>
> What are we going to do:
>

Personally, I'd like us to become more regular with the GLSA releases,
instead of doing nothing for days then rushing to send 10 GLSAs in 2 days.
I'd also like to take care of the really old bugs, say, opened for at least
6 months (~25 at the moment). Don't know if we'll manage to do it, but at
least we'll try.

This was a (very) short reply, sec team members are of course welcome to
complete.

--
Pierre-Yves Rofes
Gentoo Linux Security Team

--
gentoo-dev@lists.gentoo.org mailing list