Maybe the user base on this list should be consulted on what they think is best?
The ``user base'' mostly hasn't deal with any security problems. I have to defend Gentoo on this one. On most distributions the security lists are closed. There are reasons for this, things shouldn't go public. Sometimes they agree on a release date etc. Subscribe to Bugtrac etc. if you are interested in zero-day exploits.
Gentoo's process is reasonably open as almost all is documented within Bugzilla. You could watch [EMAIL PROTECTED] easily. Sure you get much junk, but what do you expect. I would rather see the Gentoo developers spend time to fix the bugs and write concrete advisories than duplicating information from the Bugzilla on this list. Some seem to forget that all the work within Gentoo is volunteer-based. On other distributions you only receive announcements, or you have to subscribe to a notification list for all bugs, not only the security-related ones.
Did you pay anyone at Gentoo? Did you donate? Did you pay somebody who verifies all bugs and rates them and sends an announcement to this list when he thinks one is serious enough when you are subscribed to Bugtrac/Securityfocus anyway? Get real.
I agree with you that the behaviour of some on this list is harassing. People could deal with others more gently. But the flamewar would start anyway, as I have learned from the past. English isn't my mother language either, but you shouldn't use your new learned insults to throw them randomly to others.
Ah I should stop ranting... ):
Regards, Philipp Kern
PGP.sig
Description: This is a digitally signed message part
