I've already started seeing some successes in closing some security bugs. I'd like to try to prioritize our efforts a bit. On the Security Team wiki page I provided links to security bugs based on their urgency (Critical -> Important -> Moderate -> Low). We should also prioritize our efforts within those categories as oldest to newest. I'm hoping that the older vulnerabilities have already been closed and the tickets just left open. If not we should definitely get them fixed. By the way, the links on the wiki look at all vulnerabilities in Fedora and EPEL (bugs tagged with Keywords: SecurityTracking). I think I'll modify the query to not show bugs that already have an fst_owner so people only see what's not taken. Thoughts?

-- Eric -------------------------------------------------- Eric "Sparks" Christensen Fedora Project sparks(a)fedoraproject.org - sparks(a)redhat.com 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 -------------------------------------------------- _______________________________________________ security-team mailing list security-team(a)lists.fedoraproject.org https://lists.fedoraproject.org/mailman/listinfo/security-team

The only problem I see with this is that what happens if for some reason the fst_owner drops out and is no longer maintaining the ticket? Oh, and Hi all, just volunteered up yesterday. Will take some time this weekend to catchup on everything and get into the work flow. I currently work as a systems engineer at a firm specializing in computer and network security solutions. Looking forward to helping out. Cheers, David On 08/01/2014 12:27 PM, Jason Taylor wrote: > On Fri, 2014-08-01 at 12:21 -0400, Eric H. Christensen wrote: >> I've already started seeing some successes in closing some security >> bugs. I'd like to try to prioritize our efforts a bit. On the >> Security Team wiki page I provided links to security bugs based on >> their urgency (Critical -> Important -> Moderate -> Low). We should >> also prioritize our efforts within those categories as oldest to >> newest. I'm hoping that the older vulnerabilities have already been >> closed and the tickets just left open. If not we should definitely get >> them fixed. >> >> By the way, the links on the wiki look at all vulnerabilities in Fedora >> and EPEL (bugs tagged with Keywords: SecurityTracking). I think I'll >> modify the query to not show bugs that already have an fst_owner so >> people only see what's not taken. Thoughts? > +1 for showing bugs with no fst_owner. > >> -- Eric >> >> -------------------------------------------------- Eric "Sparks" >> Christensen Fedora Project >> >> sparks(a)fedoraproject.org - sparks(a)redhat.com 097C 82C3 52DF C64A 50C2 >> E3A3 8076 ABDE 024B B3D1 >> -------------------------------------------------- >> _______________________________________________ security-team mailing >> list security-team(a)lists.fedoraproject.org >> https://lists.fedoraproject.org/mailman/listinfo/security-team > > JT > _______________________________________________ > security-team mailing list > security-team(a)lists.fedoraproject.org > https://lists.fedoraproject.org/mailman/listinfo/security-team _______________________________________________ security-team mailing list security-team(a)lists.fedoraproject.org https://lists.fedoraproject.org/mailman/listinfo/security-team