Re: Re: [suse-security] SuSE Security warnings/announcements
In the web page there is also the 'modules' update, as several others since the last sec-announce. please understand this. Its weekend. We do our best. You will be informed about every security releated change. Hopefully next week.
In my experience (that of a Lotus Domino app. planner/developer with 8 years of work in the field) a "real-time" reporting system works only if the "report" is a side-effect of the usual tools you use in everyday work: if it's not, and you have a lot urgent work, like in SuSE case, then the reporting activity tends to be considered burdensome and gets postponed with regard to the "real" work (producing fixed packages, for the situation at hand). I don't know how the SuSE security team keep tracks of their work (bug database, work planner, priority based scheduler, other/mixed solutions) but it would be nice to have/create some kind of integration system that automatically generates reports on the web (and maybe on the list) when someone uploads a packages on the ftp site, using the fix's description you copy & pasted from bugtraq when you decided you needed a new package to close a security breach. The problem is, these kind of things usually don't get done because "there's no time" ;-) If it's a safe and clear thing to reveal, could you (== SuSE) tell us how you do your tracking work now? Maybe someone could suggest (or write) something useful. Ciao, Roberto. P.S. Avoid working on weekends: the quality of what you "produce" tends to drop sharply... :-)
In my experience (that of a Lotus Domino app. planner/developer with 8 years of work in the field) a "real-time" reporting system works only if the "report" is a side-effect of the usual tools you use in everyday work: if it's not, and you have a lot urgent work, like in
Agreed.
SuSE case, then the reporting activity tends to be considered burdensome and gets postponed with regard to the "real" work (producing fixed packages, for the situation at hand).
I don't know how the SuSE security team keep tracks of their work (bug database, work planner, priority based scheduler, other/mixed solutions) but it would be nice to have/create some kind of integration system that automatically generates reports on the web (and maybe on the list) when someone uploads a packages on the ftp site, using the fix's description you copy & pasted from bugtraq when you decided you needed a new package to close a security breach.
8 years in the business must have taught you to not make any claims about things that you don't know very much about, at least not in the public. I consider your words rude and inadequate. More below.
The problem is, these kind of things usually don't get done because "there's no time" ;-)
Who are you talking about?
If it's a safe and clear thing to reveal, could you (== SuSE) tell us how you do your tracking work now? Maybe someone could suggest (or write) something useful.
I'm not sure if I get your point here. Just to make sure that there is no misunderstanding wrt your question: Our work tracking/time management is not for disposition here. The fact that it does take time does need as much justification as the fact that we try our best to not publish any information unless we're absolutely sure that we know what we're talking about: none.
Ciao, Roberto.
P.S. Avoid working on weekends: the quality of what you "produce" tends to drop sharply... :-)
If my ego wasn't so big, I would not have had to answer this mail and
wasted the time that could have been used otherwise. Anyway, I hope that
your last sentence was at least as friendly as your smiley at the end.
Roman.
--
- -
| Roman Drahtmüller
participants (2)
-
r.maurizzi@gvs.it
-
Roman Drahtmueller