On Wed, Jul 14, 2021 at 10:49:34AM +0200, Andreas K. Huettel wrote:
> > >
> > > 1) either the severity assignment of this bug by the Security project as
> > > B1 wrong (i.e. it should have been classified "harmless")
> Well, over the last year or so every 2-3 months the (uninformed)
> >
> > 1) either the severity assignment of this bug by the Security project as B1
> > wrong (i.e. it should have been classified "harmless")
> >
>
> The Gentoo model is not perfect and should be overhauled. However, it
> works for most things and sometimes bugs fall between the cracks.
>
>
On Wed, Jul 14, 2021 at 12:04:34AM +0200, Andreas K. Huettel wrote:
>
> > The package was masked due to a miscommunication with the Gentoo
> > Security project.
> >
> > While it is true that the way opentmpfiles is currently implemented
> > allows for certain races, from the security point of
> The package was masked due to a miscommunication with the Gentoo
> Security project.
>
> While it is true that the way opentmpfiles is currently implemented
> allows for certain races, from the security point of view, you always
> have to classify the vulnerability in context of your threat
On Sun, 2021-07-11 at 15:53 +0200, Thomas Deutschmann wrote:
>
> Furthermore, tmpfiles.d settings are only supposed for creation,
> deletion and cleaning of volatile and temporary files. Any package which
> will install tmpfiles.d settings which will create files in persistent
> locations
On Sun, Jul 11, 2021 at 03:53:31PM +0200, Thomas Deutschmann wrote:
> Hi,
>
> TL;DR:
>
> Given that William said in the meanwhile, he sees no future for
> opentmpfiles [1] and that nobody else, including me, is interested in
> stepping up, things have changed.
Add this reference as well if
Hi,
TL;DR:
Given that William said in the meanwhile, he sees no future for
opentmpfiles [1] and that nobody else, including me, is interested in
stepping up, things have changed.
Please start with the normal last-rite process and please please please,
rephrase the news item and do not tell