Dirkjan Ochtman posted on Sat, 18 Jan 2014 17:33:36 +0100 as excerpted: > On Sat, Jan 18, 2014 at 5:30 PM, Pacho Ramos <pa...@gentoo.org> wrote: >> What I want to achieve is to try to get this problem solved, I don't >> think has any sense to have pending GLSA bugs waiting for ages (yes, >> ages), I see this for really a lot of packages, the pointed one was >> only one example, but there are many more (like glib, dotnet stuff...) > > From my perception, the security team in recent months has gone through > great lengths to improve the process and to work on the backlog of old > security bugs. AIUI, this *is* getting fixed, it just takes some time to > fix it properly.
Same here. I've been glad to see the GLSAs moving again, even if seeing LWN mention that it's a three-year-out (or was it five?) notice is a bit ... gulp-worthy... even if on ~arch plus hard-unmasked pre-release overlays I rarely see a GLSA that actually applies to me. (Tho I'd just done the NTP update, noting the security issue from the changelog, and was glad to see the official GLSA for it with additional detail.) Still, if it's five years out and catching up, at least we have people working on it now and it's happening! =:^) But it's good to see this thread with the details posted. There was mention that it had been discussed on dev before, but if so, I hadn't seen it, at least in that detail. So I believe it was a reasonable question, with now a reasonable answer. =:^) Thanks again. That's a vital bit of gentoo that got stuck for a bit, and I'm very appreciative that /someone/ is doing that hard and unglamorous work without a lot of thanks. =:^) -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman
