Re: [gentoo-dev] Why masks are being used for security issues instead of GLSA?

2014-09-30 Thread Sergey Popov
30.09.2014 14:11, Pacho Ramos wrote: > On Tue, 30-09-2014 at 13:47 +0400, Sergey Popov wrote: > [...] >> I think you are getting some things wrong - they are masked not instead of >> GLSA, but prior to it. >> >> Let me explain the process on behalf of my security hat - before >> releasing GLSA we

Re: [gentoo-dev] Why masks are being used for security issues instead of GLSA?

2014-09-30 Thread Pacho Ramos
On Tue, 30-09-2014 at 13:47 +0400, Sergey Popov wrote: [...] > I think you are getting some things wrong - they are masked not instead of > GLSA, but prior to it. > > Let me explain the process on behalf of my security hat - before > releasing GLSA we should get rid of all vulnerable versions in tre

Re: [gentoo-dev] Why masks are being used for security issues instead of GLSA?

2014-09-30 Thread Sergey Popov
25.09.2014 16:42, Andrew Savchenko wrote: > Hello, > > many packages in tree are masked due to security issues instead of > issuing GLSA for them. Why? At this moment I counted 56 such > packages in package.mask. > > Some of these packages have GLSAs issued (e.g. nethack and friends) > and have n

Re: [gentoo-dev] Why masks are being used for security issues instead of GLSA?

2014-09-25 Thread Paweł Hajdan, Jr.
On 9/25/14 6:03 AM, Alex Xu wrote: > 1. one of your examples is clearly wrong, mariadb has no masked > versions in the tree. > > 2. since you claim to have read package.mask, [...] if you bothered > to read a single one of them, they will have said that there is a > GLSA in progress or that stabil

Re: [gentoo-dev] Why masks are being used for security issues instead of GLSA?

2014-09-25 Thread Brian Evans
On 9/25/2014 8:42 AM, Andrew Savchenko wrote: > Hello, > > many packages in tree are masked due to security issues instead of > issuing GLSA for them. Why? At this moment I counted 56 such > packages in package.mask. > > Some of these packages have

Re: [gentoo-dev] Why masks are being used for security issues instead of GLSA?

2014-09-25 Thread Alex Xu
On 25/09/14 08:42 AM, Andrew Savchenko wrote: > Hello, > > many packages in tree are masked due to security issues instead of > issuing GLSA for them. Why? At this moment I counted 56 such > packages in package.mask. > > Some of these packages have GLSAs issued (e.g. nethack and friends) > and ha

[gentoo-dev] Why masks are being used for security issues instead of GLSA?

2014-09-25 Thread Andrew Savchenko
Hello, many packages in tree are masked due to security issues instead of issuing GLSA for them. Why? At this moment I counted 56 such packages in package.mask. Some of these packages have GLSAs issued (e.g. nethack and friends) and have no fixes, so this is understandable. But most packages are