According to solar of #gentoo-security, the current (apparently undocumented) policy is to not create GLSAs for kernel vulnerabilities. I would greatly appreciate if this were to be reconsidered, or failing this, documented -- it's good to at least know that individual Gentoo users need to separately track GLSAs and kernel vulnerabilities. I personally assumed that GLSAs were created for kernel vulnerabilities, as http://www.gentoo.org/security/en/ does not mention the kernel exemption.
Agreed; if GLSAs can't be provided for kernel vulns it really should be prominently declared that users are on their own as far as tracking kernel security...
Agreed. This matter has drawn out for far too long :-( I have now updated Policy reflect the current situation. "Soon" we should be able to offer a solution for kernel security issues. Keep an eye out for an announcement in the GWN and an update of the policy.
*** Bug 144575 has been marked as a duplicate of this bug. ***