On Wednesday, July 6, 2016 8:15:24 PM JST, Anthony G. Basile wrote:
On 7/6/16 6:54 AM, Aaron Bauman wrote:
On Wednesday, July 6, 2016 5:10:25 PM JST, Anthony G. Basile wrote: ...
Except that I state such facts BEFORE the p.mask and you ignored it.
Referring to bug #473770:
<Comment #2>
(In reply to Anthony Basile from comment #1)
The CVE for this has gone nowhere. See
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2183
There are no references and I can't get at the upstream bug report anymore
since they moved to github.
Actually, I found it. It's fixed:
https://github.com/monkey/monkey/issues/93
</Comment #2>
<Comment #3>
Aaron Bauman gentoo-dev Security 2016-07-01 01:39:40 UTC
# Aaron Bauman <[email protected]> (1 Jul 2016)
# Unpatched security vulnerabilities and dead upstream
# per bugs #459274 and #473770 Removal in 30 days
www-servers/monkeyd
</Comment #3>
People reading following this can clearly see the problem here.
I'm also disappointed that no one else in the security team has
recommended any internal policing in response to this. I maintain that
forced p.masking and version bumping should not be done by the security
team but passed to QA for review. Only QA is mandated with such powers
by GLEP 48.
What kind of policing would you like to see, councilman? Would you like to
see me removed from the project, because your precious package was
p.masked? You have ignored everything I have said regarding your
inability to work with the security team. Even after an apology from me
and a request to work with us you continue on with the rhetoric of powers.
It displays a lot about your inability to work with others.
No other developer is complaining... it is *literally* only you.
NP-Hardass's case was not even a security bug nor handled by the security
team. One of the bugs for monkeyd led to additional discovery of
insecurities regarding log files, but it took a p.mask to get your
attention. Quit pushing an agenda and work with others to make Gentoo more
secure. Everyone else is.