144540 – Please create GLSAs for kernel vulnerabilities

Bug 144540 - Please create GLSAs for kernel vulnerabilities

Summary: Please create GLSAs for kernel vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Duplicates (1):	144575 (view as bug list)
Depends on:
Blocks:

Reported:	2006-08-20 10:37 UTC by katerina
Modified:	2006-08-20 19:53 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description katerina 2006-08-20 10:37:03 UTC

According to solar of #gentoo-security, the current (apparently undocumented) policy is to not create GLSAs for kernel vulnerabilities.  I would greatly appreciate if this were to be reconsidered, or failing this, documented -- it's good to at least know that individual Gentoo users need to separately track GLSAs and kernel vulnerabilities.  I personally assumed that GLSAs were created for kernel vulnerabilities, as http://www.gentoo.org/security/en/ does not mention the kernel exemption.

Comment 1 Jon Portnoy (RETIRED) gentoo-dev

2006-08-20 10:46:48 UTC

Agreed; if GLSAs can't be provided for kernel vulns it really should be prominently declared that users are on their own as far as tracking kernel security...

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-08-20 12:14:19 UTC

Agreed. This matter has drawn out for far too long :-(

I have now updated Policy reflect the current situation.

"Soon" we should be able to offer a solution for kernel security issues.

Keep an eye out for an announcement in the GWN and an update of the policy.

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2006-08-20 19:53:13 UTC

*** Bug 144575 has been marked as a duplicate of this bug. ***