The last 20 posts have had nothing practical to do with this local root
exploit. If it's the policy that this list is not used as a forum to
notify people of *major* security exploits even before the fix is released
then there's nothing to talk about. A policy is a policy. However, if
this project is supposed to be community based and democratic and a
majority of people think that it will increase it's efficiency and
effectiveness to have notifications posted to this list, then maybe the
people should take notice and consider it, rather than throwing around
insults. Maybe the user base on this list should be consulted on what
they think is best?
If not, that's fine, but nobody should have illusions about the gentoo
community having an easily accesible avenue to receive *extremely
important* notifications, even without a fix, such as these. Nor should
they delude themselves in thinking that they respond appropriately to the
concerns of their userbase. Subscribing to a bug tracking list to track
local and remote root exploits is an unreasonable request to make of
sysadmins who frankly don't have the time to deal with it. As many others
have already mentioned, this isn't good enough. Is there some other
solution we can work towards?
k.
--
[email protected] mailing list
