On 26 September 2010 11:31, Richard Freeman <ri...@gentoo.org> wrote: > Gentoo has been vulnerable to a highly-publicized (Guardian, Slashdot, > the works) local privilege escalation for almost two weeks now. (Well, > it has been vulnerable for years, but of course we didn't know about it > until two weeks ago.) > > In the bugzilla thread tracking the problem it has been mentioned a few > times that the kernel does not receive GLSA support: > http://bugs.gentoo.org/show_bug.cgi?id=337645
Kernels used to be covered in GLSAs. I mourned the loss of kernel GLSAs quite a while back. http://blog.gmane.org/gmane.linux.gentoo.security/month=20070401 Kernels used to be included, but apparently it was too much work getting all the version kernel versions in sync. I used to have script that emailed me applicable GLSAs, and I never heard that they stopped including the kernel, so I was miffed when I found out. I still don't understand why there isn't a single security alert point of reference that covers everything on a Gentoo box though. What would it take to get kernels included again? /meh. PS. Hardened Gentoo still rocks though.
