Hey Prasad,
On 19.09.2014 10:09, P J P wrote:
Hello,
Please see ->
https://fedoraproject.org/wiki/Security_Team
The wiki has been updated to add FST process details. Please have a look in case you spot
anything amiss.
The CVE section describes a process which we have not discussed at
any meeting - I would prefer that before putting in effect. My worry is this extends the
role of the team too much and dilute our efforts that currently go into fixing vulnerable
packages.
Earlier today, I was discussing with
Huzaifa(https://fedoraproject.org/wiki/User:Huzaifas) who said, we need to define how we
handle issues in packages wherein upstream is unresponsive or is dead. We need to close
such issues and retire those packages.
If you know other such instances wherein users don't know what to do, let's
please collate them together and define a course of action for them.
Your comments/inputs/suggestions are most welcome! :)
I think we should not rush
into fitting existing process on Fedora.
---
Regards
-Prasad
http://feedmug.com
_______________________________________________
security-team mailing list
security-team(a)lists.fedoraproject.org
https://lists.fedoraproject.org/mailman/listinfo/security-team
--
Jan Rusnacko, Red Hat Product Security