On Sat, 17 Sep 2011 11:17:56 +0200 Florian Philipp <[email protected]> wrote:
> Hi list! > > Since GLSAs are in their current state of disregard, I'm searching for > another way to be informed about security fixes. What do you think is > the best approach here? > > Querying bugzilla for recently fixed security bugs like [1]? > > Searching for the term 'security bug' or something similar in > Changelogs? > > Looking at some other web site or distribution and anticipate changes > in in the portage tree? > > [1] > https://bugs.gentoo.org/buglist.cgi?list_id=428229;query_format=advanced;chfield=bug_status;chfieldfrom=2011-06-01;chfieldto=Now;chfieldvalue=RESOLVED;component=Security If you just want to be informed out the state of security of packages, subscribe to the security lists of other distros. I find RedHat and Fedora to be useful and up to date. If you see something that looks like you need to take action, find the corresponding Gentoo package and investigate further. If you need to be on the cutting edge of security issues, then you need to be on the various vuln disclosure lists around. But be warned, they can be noisy and you have to train your brain in what to ignore -- Alan McKinnnon [email protected]
