Hi there,

On Monday 07 August 2006 13:42, Wolfram Schlich wrote:
> Any comments or thoughts about this?
> Can we become better?
> Are we maybe better than the author pretends?
> Does the security team currently face serious problems that need to be
> solved, be it inside or outside the security team?
>
> I am just curious and would be glad to get some feedback :)

I saw the article a few days back and here is a short summary of what I think about it:

- I'm a bit disappointed with the result.
- The Security Team is short on staff, so we're not as speedy as we once were :-/
- The scores are not weighted to take severity into account.
- No exact references are given to the vulnerabilities in question, making it hard to check.
- Secunia release dates are not the same as Gentoo release dates, as Secunia seldom works during weekends.
- Unstable users usually get the fix hours or even days before the GLSA is issued.
- My own non-scientific research indicates that we're not that bad compared to other community distributions like Debian (at least when you compare the latest GLSAs with the high severity rating).

If you want to help out the Security Team and have some relevant skills, please consult the link in my signature or send me a private email.

--
Sune Kloppenborg Jeppesen (Jaervosz)
Operational Manager
Gentoo Linux Security Team
http://security.gentoo.org