Hello
Last weekend we hosted a security FAD to introduce participants to the Fedora Security Team, its mission and activities. After this introduction, we collectively triaged about 36 security bugs. More details can be found at
-> https://fedoraproject.org/wiki/FAD_Pune_Security_1
-> https://pjps.wordpress.com/2014/11/09/report-fad-1-nov-2014-theme-security/
Any comments, suggestions and/or inputs are most welcome.
Thank you.
---
Regards
-Prasad
http://feedmug.com
Hi
On Sun, Nov 9, 2014 at 11:28 AM, P J P wrote:
-> https://pjps.wordpress.com/2014/11/09/report-fad-1-nov-2014-theme-security/
One quick suggestion: If the maintainer does not respond to security bugs, other than just sending reminders, there are at least two other ways to handle this, depending on how severe or how prolonged the problem is.
1) Use provenpackager rights to fix it. If you are not one already and are active in Fedora, apply to be one. Security triaging is a good enough reason to do that.
https://fedoraproject.org/wiki/Provenpackager_policy
2) Follow non responsive maintainer policy
https://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers
Rahul
Hello Rahul, how are things?
On Wednesday, 12 November 2014 9:50 AM, Rahul Sundaram wrote:
One quick suggestion: If the maintainer does not respond to security bugs, other than just sending reminders, there are at least two other ways to handle this, depending on how severe or how prolonged the problem is.
- Use provenpackager rights to fix it. If you are not one already and are active in Fedora, apply to be one. Security triaging is a good enough reason to do that.
https://fedoraproject.org/wiki/Provenpackager_policy
Oh, great! Request filed.
- Follow non responsive maintainer policy
https://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers
Yes, we've been discussing this and the package retirement policy, and how we could exercise it.
Thanks so much for the great suggestions. Thank you. :)
---
Regards
-Prasad
http://feedmug.com