Security release criterion proposal
Adam Williamson
awilliam at redhat.com
Wed May 18 17:44:16 UTC 2011
On Wed, 2011-05-18 at 13:37 -0400, Adam Jackson wrote:
> On 5/18/11 1:22 PM, Kevin Kofler wrote:
> > Adam Williamson wrote:
> >> # There must be no known remote code execution vulnerability which could
> >> be exploited during installation or during use of a live image shipped
> >> with the release
> >
> > This is just completely and utterly moot considering that there are going to
> > be many more unknown vulnerabilities than known ones, and that several of
> > those are inevitably going to come up during the 6-month lifetime of a
> > release.
>
> The difference between a known and an unknown security bug is that, if
> _you_ know about it, it's virtually certain that someone malicious
> already does too.
>
> We can't avoid unknown risk exposure. You're arguing for ignoring known
> risk exposure entirely. Seems a touch irresponsible.
>
> Also: twelve month.
Well, I think his point is that it's almost certain that some 'unknown'
exposures will become 'known' during the life cycle of a release, at
which point the live images we release three months previously are
vulnerable to a known security exploit and there's exactly nothing we
can do about it - so worrying about the ones we _can_ fix at release
time becomes less important, when viewed from that perspective. It's a
good point.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the devel
mailing list