30.09.2014 14:11, Pacho Ramos пишет:
> El mar, 30-09-2014 a las 13:47 +0400, Sergey Popov escribió:
> [...]
>> I think you are get some things wrong - they are masked not instead of
>> GLSA, but prior to it.
>>
>> Let me explain the process on behalf on my security hat - before
>> releasing GLSA we
El mar, 30-09-2014 a las 13:47 +0400, Sergey Popov escribió:
[...]
> I think you are get some things wrong - they are masked not instead of
> GLSA, but prior to it.
>
> Let me explain the process on behalf on my security hat - before
> releasing GLSA we should rid of all vulnerable versions in tre
25.09.2014 16:42, Andrew Savchenko пишет:
> Hello,
>
> many packages in tree are masked due to security issues instead of
> issuing GLSA for them. Why? At this moment I counted 56 such
> packages in package.mask.
>
> Some of these packages have GLSAs issued (e.g. nethack and friends)
> and have n
On 9/25/14 6:03 AM, Alex Xu wrote:
> 1. one of your examples is clearly wrong, mariadb has no masked
> versions in the tree.
>
> 2. since you claim to have read package.mask, [...] if you bothered
> to read a single one of them, they will have said that there is a
> GLSA in progress or that stabil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/25/2014 8:42 AM, Andrew Savchenko wrote:
> Hello,
>
> many packages in tree are masked due to security issues instead of
> issuing GLSA for them. Why? At this moment I counted 56 such
> packages in package.mask.
>
> Some of these packages have
On 25/09/14 08:42 AM, Andrew Savchenko wrote:
> Hello,
>
> many packages in tree are masked due to security issues instead of
> issuing GLSA for them. Why? At this moment I counted 56 such
> packages in package.mask.
>
> Some of these packages have GLSAs issued (e.g. nethack and friends)
> and ha
Hello,
many packages in tree are masked due to security issues instead of
issuing GLSA for them. Why? At this moment I counted 56 such
packages in package.mask.
Some of these packages have GLSAs issued (e.g. nethack and friends)
and have no fixes, so this is understandable. But most packages are