Quake3 security issue and non-responsive maintainer: Xavier Lamien

Jaroslav Reznik jreznik at redhat.com
Tue May 11 13:37:51 UTC 2010


On Tuesday 11 May 2010 13:08:53 Rahul Sundaram wrote:
> On 05/11/2010 03:43 PM, Daniel P. Berrange wrote:
> > Do we have a security team who evaluate security issues that are filed
> > against any package, and who have the privileges to immediately fix the
> > CVE should the maintainer not be responsive enough wrt the severity of
> > the security problem? We shouldn't have security fixes blocked on the
> > unresponsive maintainer process. Proven packagers obviously have suitable
> > CVS commit privileges to make the changes, but do any of them actively
> > monitor for security issues & address them?
> 
> Yes. Security team did monitor and filed the security issue but they
> don't do commits and builds and there is no team outside of them taking
> care of these issues.  It would be great to take care of this.

It would be great to have a similar team - I've already done an update for them as
provenpackager (unmaintained orphaned package - mod_auth_shadow) but I wasn't
sure about my responsibilities for this update. Some clarification would be
great (I'm not talking about another policy, just recommended practice).

Jaroslav

> Rahul

-- 
Jaroslav Řezník <jreznik at redhat.com>
Software Engineer - Base Operating Systems Brno

Office: +420 532 294 275
Mobile: +420 602 797 774
Red Hat, Inc.                               http://cz.redhat.com/

