On 03/12/2017 07:19 AM, Walter Dnes wrote:
> - Typo...
>   Additional Security Project bugzilla notes
>   * The Security Project is except (should that read "exempt"?)

Thanks, fixed

> - An intermediate level before masking might be issuing a warning if
>   some simple, specific remediation measure can protect against a
>   vulnerability. E.g. forcing cups to only listen to 127.0.0.1 or :1

Mitigations like these are mentioned in the GLSA

> - If you want to absolutely ensure that people are warned of a severe,
>   but remediable vulnerability, is it acceptable to "break the build"
>   by requiring a new local USE flag for the ebuild? I'm thinking of
>   something like "glep_0001234", "glep_0001235", "glep_0001236", etc,
>   and have the ebuild die if the flag is not set, and print out a URL
>   for a security problem. This could be abstracted to make.conf with
>   a new variable...
>
>   GLEP="0001234 0001235 0001236 etc etc"

Sounds like a lot of complexity for limited value.

--
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3