-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Wed, Jul 09, 2014 at 10:37:24PM +0400, Igor Gnatenko wrote:
first thank you for creating maillist. That's really useful.
Let me some qoute Eric and ask some questions.
> As of 2014-06-10 there were 539 open security bugs in Fedora. With a little work we
should be able to get this number down by figuring out if the vulnerability is still open,
if a patch/release is available to fix it, or need to work upstream. We'll likely
need to come up with a way to categorize these things in BZ to make it easier to do a
search.
Ahh, yes, my introduction to the mess that awaits us. :)
Can you provide link where I can get this list of bugs?
So, first, sorry for not immediately writing this message up when I subscribed you but
I'm a little crowded with a lot of little things around and I have the attention span
of... wait, what was I saying?
Oh right, bugs. Yes, so I'll tell you where they are and let you run them down. You
won't be able to search for them in a certain component as they are filed against the
packages themselves. If you search using the keywords "SecurityTracking"
you'll find them all. You should also be able to use the priority to comb through by
priority*. You can easily search for a subset of the bugs and come up with what
you're looking for like all the critical ones[0]. I'll go through and post links
on the wiki to make it easier for everyone to find.
So I see two tasks that need to really get going... now. First, we need to look at the
critical bugs and make sure they are being addressed. Second, we need to look at all the
unprioritized bugs and get them prioritized so we know where they are in the mix. The
priorities come from the CVEs that they block but you'll have to dig it out of the
whiteboard.
So we don't bump heads while working on things lets just send what you are working on
to the list so we'll all know who has what for now. Lets concentrate on the urgent
bugs and prioritizing. So if anyone wants to start working on 905373 just roger up for it
on the list and start working.
Thanks for everyone stepping up to help!
[0]
http://red.ht/1lUHeBF
* This is not always the case. There was a bug in the tools that automatically generate
these bugs that failed to set the priority so we'll need to look at those. It's
really two bugs but it gets complicated. People know about it and are working on a fix.
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCgAGBQJTvaIKAAoJEB/kgVGp2CYvafAL/2qV/dAI5ifushA83Sw4byR6
Rk5953eR4Yy2xi+Z9lMvcrpAYkfom/cScbfw9v0oeyvzgh/amMMrC2h9V5HX5obB
wPzsf1FBiQl6VIB8v+vAuh3ihgj/2QvcMfVlfJLxgMKnbI8ZNirGGZTF1v8obtrD
S35qvLoPOrKUbPoixvQGsPMHMfT2h75PBEQ331bwaUnSzBoLPcK8tpXFq+9qQaTi
+3sqVnqEChmlkg7GzEAEeMTCgD6UXQJSPcflPcSizQBl4xROKvnF6pT6WuUZ38DE
+I4OSTqnHmWuXFvt6zqvlhlm/9hVefmoDIc25PWhAmQUYFsOL62fdHPLKUgq7Ohy
g2zp+PCiN8S6LdmRSA75SJXchsxUb0TnwKBQg2GhVRk36ol5kZBLVQrScfXVpVpO
N0CS7fhFMfecBCs3p6UFB7WbDbJM23P7v/lbC0u7bf3rUmK52nvg5s+7j6lUzB+0
psdQoDtR79Sez2PhEbiV1xWwA0tum4lII0Zg6I9fSw==
=+ije
-----END PGP SIGNATURE-----