Point taken. I do not pay for the service, and I do agree that the volunteer effort that's contributed should be directed towards development. However, I think that if a policy change is requested by enough people, I honestly don't think it would require that much effort to post brief security related announcements. Just look at all the effort being put in to crafting all this belittling banter.
Ok, maybe I misunderstand the purpose of this list? It is a security list, and a major security hole was discovered, that affects the gentoo kernel sources, to which I have good faith are being worked on, but we have not been formally informed? Call me crazy, but this just isn't a bug, it is also a security issue, which, I think, belongs on a security list. Maybe I'm totally out of line here?
Your ranting is appreciated.
k.
On Sun, 9 Jan 2005, Philipp Kern wrote:
On 8 Jan 2005, at 21:13, Kris wrote:Maybe the user base on this list should be consulted on what they think is best?
The ``user base'' mostly hasn't deal with any security problems. I have to defend Gentoo on this one. On most distributions the security lists are closed. There are reasons for this, things shouldn't go public. Sometimes they agree on a release date etc. Subscribe to Bugtrac etc. if you are interested in zero-day exploits.
Gentoo's process is reasonably open as almost all is documented within Bugzilla. You could watch [EMAIL PROTECTED] easily. Sure you get much junk, but what do you expect. I would rather see the Gentoo developers spend time to fix the bugs and write concrete advisories than duplicating information from the Bugzilla on this list. Some seem to forget that all the work within Gentoo is volunteer-based. On other distributions you only receive announcements, or you have to subscribe to a notification list for all bugs, not only the security-related ones.
Did you pay anyone at Gentoo? Did you donate? Did you pay somebody who verifies all bugs and rates them and sends an announcement to this list when he thinks one is serious enough when you are subscribed to Bugtrac/Securityfocus anyway? Get real.
I agree with you that the behaviour of some on this list is harassing. People could deal with others more gently. But the flamewar would start anyway, as I have learned from the past. English isn't my mother language either, but you shouldn't use your new learned insults to throw them randomly to others.
Ah I should stop ranting... ):
Regards, Philipp Kern
-- [email protected] mailing list
