On Monday 16 April 2007 20:31, Sune Kloppenborg Jeppesen wrote: > I agree that policy should be updated to reflect this but that got bogged > down by other issues last I tried. I'll try again. Ohh well, I must have dropped my memory somewhere I forgot:(
I actually updated the Gentoo Linux Vulnerability Treatment Policy¹ last August to reflect that: "Kernels Currently kernels are not covered by the GLSA release process. Vulnerabilities must still be reported and will be fixed, but no GLSA will be issued when everything is solved. Note: This policy should be changed when new tools are added to cover security vulnerabilities affecting the different kernel sources." ¹ http://www.gentoo.org/security/en/vulnerability-policy.xml -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team
pgpqh3EmJD7P3.pgp
Description: PGP signature
