Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 52500

Summary: GLSA's reference incorrect ebuilds after renames
Product: Gentoo Security Reporter: Frido Ferdinand <frido.ferdinand>
Component: GLSA ErrorsAssignee: Portage team <dev-portage>
Status: IN_PROGRESS ---    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=737962
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Script for checking moved packages against current GLSA corpus
glsamoves-20071230

Description Frido Ferdinand 2004-05-30 16:25:04 UTC 
glsa-check misses ebuilds that have been moved to another name, example:

200404-10: iproute local Denial of Service vulnerability

affected ebuild: sys-apps/iproute

this app has been moved to sys-apps/iproute2

glsa will not noticed the moved name and will asume it has not been installed

200404-10 [U] iproute local Denial of Service vulnerability ( sys-apps/iproute )




Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Marius Mauch (RETIRED) gentoo-dev 2004-05-30 22:50:55 UTC 
This has to be fixed somehow else, probably the GLSAs should be updated in CVS.
Comment 2 Nicholas Jones (RETIRED) gentoo-dev 2004-06-05 16:13:11 UTC 
Security guys: Want to take a look at this and give opinions?

I'd imagine it'd be a good idea to check GLSAs against the current CVS
packages to ensure that they match up and adjust them appropriately.

We could possibly adjust the glsa-security features to handle this,
but it's probably a good idea to maintain the current names of the
packages (maybe in addition?).
Comment 3 Kurt Lieber (RETIRED) gentoo-dev 2004-06-06 07:28:08 UTC 
We can certainly update the GLSAs, but that will largely be a reactionary measure.  (i.e. someone will first have to notice that an existing GLSA is wrong and the affected package has moved categories)

If there is a way to notify us when a GLSA is affected by a category move, that would be very helpful - that would alert us to update the GLSA much more quickly.
Comment 4 Marius Mauch (RETIRED) gentoo-dev 2004-06-06 09:59:00 UTC 
Well, you could use the update files (in gentoo-x86/profiles/updates) and do crosschecks with existing GLSAs in a script that's called by loginfo.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-12-01 08:07:42 UTC 
Created attachment 45055 [details]
Script for checking moved packages against current GLSA corpus

I wrote a quick perl script to find the current moves (see attachment).
There is a ton of GLSAs needing fixes :)
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-12-01 08:08:42 UTC 
$ perl check_movedpackages.pl | sort
Parsing GLSAs...
Parsing updates...
/usr/portage/metadata/glsa/glsa-200402-03.xml net-www/monkeyd -> www-servers/monkeyd
/usr/portage/metadata/glsa/glsa-200402-04.xml app-misc/gallery -> www-apps/gallery
/usr/portage/metadata/glsa/glsa-200402-07.xml net-mail/clamav -> app-antivirus/clamav
/usr/portage/metadata/glsa/glsa-200403-06.xml net-mail/courier -> mail-mta/courier
/usr/portage/metadata/glsa/glsa-200404-07.xml net-mail/clamav -> app-antivirus/clamav
/usr/portage/metadata/glsa/glsa-200404-10.xml sys-apps/iproute -> sys-apps/iproute2
/usr/portage/metadata/glsa/glsa-200404-18.xml net-mail/ssmtp -> mail-mta/ssmtp
/usr/portage/metadata/glsa/glsa-200405-03.xml net-mail/clamav -> app-antivirus/clamav
/usr/portage/metadata/glsa/glsa-200405-07.xml net-mail/exim -> mail-mta/exim
/usr/portage/metadata/glsa/glsa-200405-08.xml net-www/pound -> www-servers/pound
/usr/portage/metadata/glsa/glsa-200405-16.xml net-mail/squirrelmail -> mail-client/squirrelmail
/usr/portage/metadata/glsa/glsa-200406-09.xml net-www/horde-chora -> www-apps/horde-chora
/usr/portage/metadata/glsa/glsa-200406-10.xml app-misc/gallery -> www-apps/gallery
/usr/portage/metadata/glsa/glsa-200406-11.xml net-www/horde-imp -> www-apps/horde-imp
/usr/portage/metadata/glsa/glsa-200406-20.xml net-misc/freeswan -> net-misc/openswan
/usr/portage/metadata/glsa/glsa-200406-20.xml net-misc/super-freeswan -> net-misc/openswan
/usr/portage/metadata/glsa/glsa-200407-09.xml net-www/moinmoin -> www-apps/moinmoin
/usr/portage/metadata/glsa/glsa-200408-07.xml net-www/horde-imp -> www-apps/horde-imp
/usr/portage/metadata/glsa/glsa-200408-09.xml net-www/roundup -> www-apps/roundup
/usr/portage/metadata/glsa/glsa-200408-25.xml net-www/moinmoin -> www-apps/moinmoin
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-13 05:19:13 UTC 
Apart from net-misc/freeswan -> net-misc/openswan all fixed in GLSAmaker.

Fixed:     # emerge -pv ">=net-ww/moinmoin-1.2.2"

Only updated revsion on the two first. Thierry care to develop your script to do it automatically if possible?
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-02-13 05:28:30 UTC 
In some cases the package is not really moved... It's just replaced. In those cases we shouldn't update the GLSA imho. So... completely automating may not be smart, I should ask for confirmation on each update.
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-13 06:05:29 UTC 
I didn't update the swan GLSAs for the same reason. Maybe I should revert iproute?
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-02-13 09:50:01 UTC 
I think iproute->iproute2 is ok.
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2005-02-14 13:43:09 UTC 
3 more to do :

app-sci/chessbrain -> sci-misc/chessbrain
app-sci/gimps -> sci-mathematics/gimps
app-sci/setiathome -> sci-astronomy/setiathome
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-14 13:56:18 UTC 
Actually they're all in glsa-200411-26. Which is now fixed in GLSAmaker.
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-03-10 10:31:04 UTC 
Koon any further work on this one?
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2005-04-10 10:07:51 UTC 
There is always more to do:

/usr/portage/metadata/glsa/glsa-200311-02.xml net-www/opera -> www-client/opera
/usr/portage/metadata/glsa/glsa-200401-01.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
/usr/portage/metadata/glsa/glsa-200401-01.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
/usr/portage/metadata/glsa/glsa-200402-03.xml net-www/monkeyd -> www-servers/monkeyd
/usr/portage/metadata/glsa/glsa-200402-04.xml app-misc/gallery -> www-apps/gallery
/usr/portage/metadata/glsa/glsa-200402-06.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
/usr/portage/metadata/glsa/glsa-200402-06.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
/usr/portage/metadata/glsa/glsa-200402-07.xml net-mail/clamav -> app-antivirus/clamav
/usr/portage/metadata/glsa/glsa-200403-02.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
/usr/portage/metadata/glsa/glsa-200403-02.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
/usr/portage/metadata/glsa/glsa-200403-02.xml sys-kernel/hppa-dev-sources -> sys-kernel/hppa-sources
/usr/portage/metadata/glsa/glsa-200403-06.xml net-mail/courier -> mail-mta/courier
/usr/portage/metadata/glsa/glsa-200404-07.xml net-mail/clamav -> app-antivirus/clamav
/usr/portage/metadata/glsa/glsa-200404-10.xml sys-apps/iproute -> sys-apps/iproute2
/usr/portage/metadata/glsa/glsa-200404-18.xml net-mail/ssmtp -> mail-mta/ssmtp
/usr/portage/metadata/glsa/glsa-200405-03.xml net-mail/clamav -> app-antivirus/clamav
/usr/portage/metadata/glsa/glsa-200405-07.xml net-mail/exim -> mail-mta/exim
/usr/portage/metadata/glsa/glsa-200405-08.xml net-www/pound -> www-servers/pound
/usr/portage/metadata/glsa/glsa-200405-16.xml net-mail/squirrelmail -> mail-client/squirrelmail
/usr/portage/metadata/glsa/glsa-200405-19.xml net-www/opera -> www-client/opera
/usr/portage/metadata/glsa/glsa-200406-09.xml net-www/horde-chora -> www-apps/horde-chora
/usr/portage/metadata/glsa/glsa-200406-10.xml app-misc/gallery -> www-apps/gallery
/usr/portage/metadata/glsa/glsa-200406-11.xml net-www/horde-imp -> www-apps/horde-imp
/usr/portage/metadata/glsa/glsa-200407-02.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
/usr/portage/metadata/glsa/glsa-200407-02.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
/usr/portage/metadata/glsa/glsa-200407-02.xml sys-kernel/hardened-dev-sources -> sys-kernel/hardened-sources
/usr/portage/metadata/glsa/glsa-200407-02.xml sys-kernel/hppa-dev-sources -> sys-kernel/hppa-sources
/usr/portage/metadata/glsa/glsa-200407-02.xml sys-kernel/pegasos-dev-sources -> sys-kernel/pegasos-sources
/usr/portage/metadata/glsa/glsa-200407-02.xml sys-kernel/rsbac-dev-sources -> sys-kernel/rsbac-sources
/usr/portage/metadata/glsa/glsa-200407-09.xml net-www/moinmoin -> www-apps/moinmoin
/usr/portage/metadata/glsa/glsa-200407-12.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
/usr/portage/metadata/glsa/glsa-200407-12.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
/usr/portage/metadata/glsa/glsa-200407-12.xml sys-kernel/hardened-dev-sources -> sys-kernel/hardened-sources
/usr/portage/metadata/glsa/glsa-200407-12.xml sys-kernel/hppa-dev-sources -> sys-kernel/hppa-sources
/usr/portage/metadata/glsa/glsa-200407-12.xml sys-kernel/pegasos-dev-sources -> sys-kernel/pegasos-sources
/usr/portage/metadata/glsa/glsa-200407-12.xml sys-kernel/rsbac-dev-sources -> sys-kernel/rsbac-sources
/usr/portage/metadata/glsa/glsa-200407-15.xml net-www/opera -> www-client/opera
/usr/portage/metadata/glsa/glsa-200407-16.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
/usr/portage/metadata/glsa/glsa-200407-16.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
/usr/portage/metadata/glsa/glsa-200407-16.xml sys-kernel/hardened-dev-sources -> sys-kernel/hardened-sources
/usr/portage/metadata/glsa/glsa-200407-16.xml sys-kernel/hppa-dev-sources -> sys-kernel/hppa-sources
/usr/portage/metadata/glsa/glsa-200407-16.xml sys-kernel/pegasos-dev-sources -> sys-kernel/pegasos-sources
/usr/portage/metadata/glsa/glsa-200407-16.xml sys-kernel/rsbac-dev-sources -> sys-kernel/rsbac-sources
/usr/portage/metadata/glsa/glsa-200408-05.xml net-www/opera -> www-client/opera
/usr/portage/metadata/glsa/glsa-200408-07.xml net-www/horde-imp -> www-apps/horde-imp
/usr/portage/metadata/glsa/glsa-200408-09.xml net-www/roundup -> www-apps/roundup
/usr/portage/metadata/glsa/glsa-200408-22.xml net-www/epiphany -> www-client/epiphany
/usr/portage/metadata/glsa/glsa-200408-22.xml net-www/galeon -> www-client/galeon
/usr/portage/metadata/glsa/glsa-200408-22.xml net-www/mozilla-bin -> www-client/mozilla-bin
/usr/portage/metadata/glsa/glsa-200408-22.xml net-www/mozilla-firefox-bin -> www-client/mozilla-firefox-bin
/usr/portage/metadata/glsa/glsa-200408-22.xml net-www/mozilla-firefox -> www-client/mozilla-firefox
/usr/portage/metadata/glsa/glsa-200408-22.xml net-www/mozilla -> www-client/mozilla
/usr/portage/metadata/glsa/glsa-200408-24.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
/usr/portage/metadata/glsa/glsa-200408-24.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
/usr/portage/metadata/glsa/glsa-200408-24.xml sys-kernel/hardened-dev-sources -> sys-kernel/hardened-sources
/usr/portage/metadata/glsa/glsa-200408-24.xml sys-kernel/hppa-dev-sources -> sys-kernel/hppa-sources
/usr/portage/metadata/glsa/glsa-200408-24.xml sys-kernel/pegasos-dev-sources -> sys-kernel/pegasos-sources
/usr/portage/metadata/glsa/glsa-200408-24.xml sys-kernel/rsbac-dev-sources -> sys-kernel/rsbac-sources
/usr/portage/metadata/glsa/glsa-200408-25.xml net-www/moinmoin -> www-apps/moinmoin
/usr/portage/metadata/glsa/glsa-200409-26.xml net-www/epiphany -> www-client/epiphany
/usr/portage/metadata/glsa/glsa-200409-26.xml net-www/mozilla-bin -> www-client/mozilla-bin
/usr/portage/metadata/glsa/glsa-200409-26.xml net-www/mozilla-firefox-bin -> www-client/mozilla-firefox-bin
/usr/portage/metadata/glsa/glsa-200409-26.xml net-www/mozilla-firefox -> www-client/mozilla-firefox
/usr/portage/metadata/glsa/glsa-200409-26.xml net-www/mozilla -> www-client/mozilla
/usr/portage/metadata/glsa/glsa-200411-26.xml app-sci/chessbrain -> sci-misc/chessbrain
/usr/portage/metadata/glsa/glsa-200411-26.xml app-sci/gimps -> sci-mathematics/gimps
/usr/portage/metadata/glsa/glsa-200411-26.xml app-sci/setiathome -> sci-astronomy/setiathome
/usr/portage/metadata/glsa/glsa-200411-27.xml sys-apps/fcron -> sys-process/fcron
/usr/portage/metadata/glsa/glsa-200501-03.xml net-www/mozilla-bin -> www-client/mozilla-bin
/usr/portage/metadata/glsa/glsa-200501-03.xml net-www/mozilla-firefox-bin -> www-client/mozilla-firefox-bin
/usr/portage/metadata/glsa/glsa-200501-03.xml net-www/mozilla-firefox -> www-client/mozilla-firefox
/usr/portage/metadata/glsa/glsa-200501-03.xml net-www/mozilla -> www-client/mozilla
/usr/portage/metadata/glsa/glsa-200502-17.xml net-www/opera -> www-client/opera
/usr/portage/metadata/glsa/glsa-200503-10.xml net-www/mozilla-firefox-bin -> www-client/mozilla-firefox-bin
/usr/portage/metadata/glsa/glsa-200503-10.xml net-www/mozilla-firefox -> www-client/mozilla-firefox
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-04-12 00:06:30 UTC 
Some of these are already fixed in GLSAmaker as previously noted.
Comment 16 Thierry Carrez (RETIRED) gentoo-dev 2005-09-30 08:15:04 UTC 
I fixed all in CVS directly as of today. The remaining ones are package
replacements rather than package moved, and should be left alone.
Comment 17 Jason Stubbs (RETIRED) gentoo-dev 2005-10-07 09:25:20 UTC 
Is a standing strategy against this happening again (if it hasn't already) been 
put into place or is some sort of dynamic atom translation required?
Comment 18 Thierry Carrez (RETIRED) gentoo-dev 2005-10-07 11:42:54 UTC 
Jason: no, nothing is put in place to prevent any package move to wreck
everything again. 

No idea how we could do... the name changes, we need to update the GLSA. Or 
clutter Portage by leaving a marker behind ? Or improve glsa-check so that it
checks the updates file ?
Comment 19 Jason Stubbs (RETIRED) gentoo-dev 2005-10-07 19:45:47 UTC 
It'd slow down glsa-check a bit, but it'd be possible to reverse-transform the  
atoms and match each of them.
Comment 20 Marius Mauch (RETIRED) gentoo-dev 2005-10-08 07:44:43 UTC 
(In reply to comment #19)
> It'd slow down glsa-check a bit, but it'd be possible to reverse-transform the  
> atoms and match each of them. 

Would only help glsa-check users though, the GLSAs themselves (including
instructions etc.) would still be "wrong". I'd rather think about a commit hook
in profiles/updates/ to notify people/run a script/whatever.
Comment 21 Marius Mauch (RETIRED) gentoo-dev 2005-12-04 09:55:41 UTC 
Not dev-portage related from my POV, if you want something in glsa.py please
open a new bug for tools-portage.
Comment 22 Robert Buchholz (RETIRED) gentoo-dev 2007-12-30 03:53:14 UTC 
All the packages that are listed, but are false positives IMO

glsa-200311-05.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200403-07.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200406-01.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200407-08.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200412-15.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200501-27.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200503-16.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200505-03.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200507-27.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200510-25.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200512-06.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200604-17.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200607-09.xml net-analyzer/ethereal -> net-analyzer/wireshark
glsa-200501-22.xml net-mail/poppassd_pam -> net-mail/poppassd_ceti
glsa-200406-20.xml net-misc/freeswan -> net-misc/openswan
glsa-200406-20.xml net-misc/super-freeswan -> net-misc/openswan
glsa-200404-10.xml sys-apps/iproute -> sys-apps/iproute2
glsa-200401-01.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
glsa-200402-06.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
glsa-200403-02.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
glsa-200407-02.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
glsa-200407-12.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
glsa-200407-16.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
glsa-200408-24.xml sys-kernel/development-sources -> sys-kernel/vanilla-sources
glsa-200401-01.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
glsa-200402-06.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
glsa-200403-02.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
glsa-200407-02.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
glsa-200407-12.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
glsa-200407-16.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
glsa-200408-24.xml sys-kernel/gentoo-dev-sources -> sys-kernel/gentoo-sources
glsa-200407-02.xml sys-kernel/hardened-dev-sources -> sys-kernel/hardened-sources
glsa-200407-12.xml sys-kernel/hardened-dev-sources -> sys-kernel/hardened-sources
glsa-200407-16.xml sys-kernel/hardened-dev-sources -> sys-kernel/hardened-sources
glsa-200408-24.xml sys-kernel/hardened-dev-sources -> sys-kernel/hardened-sources
glsa-200403-02.xml sys-kernel/hppa-dev-sources -> sys-kernel/hppa-sources
glsa-200407-02.xml sys-kernel/hppa-dev-sources -> sys-kernel/hppa-sources
glsa-200407-12.xml sys-kernel/hppa-dev-sources -> sys-kernel/hppa-sources
glsa-200407-16.xml sys-kernel/hppa-dev-sources -> sys-kernel/hppa-sources
glsa-200408-24.xml sys-kernel/hppa-dev-sources -> sys-kernel/hppa-sources
glsa-200407-02.xml sys-kernel/pegasos-dev-sources -> sys-kernel/pegasos-sources
glsa-200407-12.xml sys-kernel/pegasos-dev-sources -> sys-kernel/pegasos-sources
glsa-200407-16.xml sys-kernel/pegasos-dev-sources -> sys-kernel/pegasos-sources
glsa-200408-24.xml sys-kernel/pegasos-dev-sources -> sys-kernel/pegasos-sources
glsa-200407-02.xml sys-kernel/pegasos-sources -> sys-kernel/gentoo-sources
glsa-200407-16.xml sys-kernel/pegasos-sources -> sys-kernel/gentoo-sources
glsa-200407-02.xml sys-kernel/rsbac-dev-sources -> sys-kernel/rsbac-sources
glsa-200407-12.xml sys-kernel/rsbac-dev-sources -> sys-kernel/rsbac-sources
glsa-200407-16.xml sys-kernel/rsbac-dev-sources -> sys-kernel/rsbac-sources
glsa-200408-24.xml sys-kernel/rsbac-dev-sources -> sys-kernel/rsbac-sources
glsa-200402-02.xml x11-base/xfree -> x11-base/xorg-x11
glsa-200407-05.xml x11-base/xfree -> x11-base/xorg-x11
glsa-200409-34.xml x11-base/xfree -> x11-base/xorg-x11
glsa-200409-34.xml x11-base/xfree -> x11-base/xorg-x11
glsa-200411-28.xml x11-base/xfree -> x11-base/xorg-x11
Comment 23 Robert Buchholz (RETIRED) gentoo-dev 2007-12-30 03:56:53 UTC 
Created attachment 139606 [details, diff]
glsamoves-20071230

Quite some package moves I just committed (fixed?).
Comment 24 T Chan 2008-01-23 00:42:01 UTC 
How about automatically checking that referenced packages exist? It shouldn't slow things down that much (provided the portage cache is sensible) and would also prevent stuff like bug 204362#c36 (no clue if that will show up right).
Comment 25 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-01-23 09:07:25 UTC 
At some point we should hopefully be able to implement some of the proposed fixes. Though for now we're unfortunately understaffed. So any proposed solution would be great.
Comment 26 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-07-06 19:59:59 UTC 
Are we (who?) still understaffed? This doesn't sound too hard to automate?
Comment 27 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-25 19:51:33 UTC 
I don't know about automating, but we (security) remain pretty understaffed.
Comment 28 Aaron Bauman (RETIRED) gentoo-dev 2019-09-07 00:25:33 UTC 
re-assigning to portage team now that glsa-check is only in Portage proper.