On Thu, Jan 29, 2015 at 7:53 PM, Grant <emailgr...@gmail.com> wrote: > > glsa-check is working fine, it was a slotted issue. Still curious > about a way to check for statically linked packages. >
False positives in glsa data aren't unheard of - log those as bugs - vulnerable versions should be masked, and non-vulnerable versions shouldn't be flagged. So, if an unmasked package is flagged, there is a bug of some kind that should be fixed. Glsa's aren't sent out right now until the last arch is stable. -- Rich
