On 08/10/2018 08:11 PM, Huzaifa Sidhpurwala wrote:
Hello Folks,
I am writing this email from the Flock Fedora conference in Dresden,
Germany. For those who do not know me, I work for the Red Hat Product
Security Team and have been a Fedora contributor for the last 8 odd years.
Thank you everyone who replied to my email, both on this mailing list
and privately. Please find below a short report on the overall progress
since my first email, followed by replies to some of your questions:
1. https://pagure.io/fesco/issue/1935
Seems like FESCo likes this idea so far and in the next meeting it may
even be approved. YAY!!
2. Fedora security dashboard:
During Flock I sat in on this very interesting talk on GSoC and Outreachy.
And I thought about letting students do the dashboard via one of the
above projects. Good for them and us both :P
Now to answer some of the questions:
1. Nag emails:
I think what myself and Justin meant was more of "reminder emails". I
plan to send one this Monday and see what people think. The email will
only say who needs to fix how many security fixes and serve as a gentle
reminder, no nuclear explosions intended!
2. Documentation:
I realized that there was a shortage of docs for package maintainers on
how to handle security flaws. I wrote this short doc at:
https://fedoraproject.org/wiki/Security:HowtoSecurityBugs
This is more of a brain dump than anything else. Please feel free to
edit and add more content or point out my mistakes and I can correct them.
Lastly, based on all the replies I got, I am going to edit the security
team page and remove all those folks who are not active. In case you are
still interested do let me know, I can add you back!
--
Huzaifa Sidhpurwala / Red Hat Product Security Team