Steve Long wrote:
Daniel Drake wrote:
Construction of a dynamic website for tracking kernel security issues.
There are too many of them and too many kernels to do this through the
normal GLSA process, and currently users are kept in the dark about
fixed security issues.
Who put's up the "fixed security issues"?
Nobody, that's the point of this project. We currently don't have GLSA
or any other form of security announcements for kernel packages.
Tim had started developing a site for this ("KISS") but it was never
finished and had the large downside that it relies upon an operator
duplicating lots of information from bugzilla and the ebuild tree into
KISS.
Such a system would be able to automatically pull a large proportion of
the required information relatively easily. It would offer functionality
to allow users to sign up for security announcements and fixes for their
kernel(s) of choice, as well as feeding the same info into a mailing
list for all kernels.
If you can put it thru repoman (or some other script) it can be automated.
It can't be pulled at that level. But as I said, yes, it can be
automated, thanks for agreeing ;)
The existing data which needs to be aggregated is mostly held on bugzilla.
Daniel
--
gentoo-dev@gentoo.org mailing list
