Hello,
Please see -> https://fedoraproject.org/wiki/Security_Team
The wiki has been updated to add FST process details. Please have a look in case you spot anything amiss.
Earlier today, I was discussing with Huzaifa (https://fedoraproject.org/wiki/User:Huzaifas) who said, we need to define how we handle issues in packages wherein upstream is unresponsive or is dead. We need to close such issues and retire those packages.
If you know other such instances wherein users don't know what to do, let's please collate them together and define a course of action for them.
Your comments/inputs/suggestions are most welcome! :)
---
Regards
-Prasad
http://feedmug.com
Hey Prasad,
On 19.09.2014 10:09, P J P wrote:
Hello,
Please see -> https://fedoraproject.org/wiki/Security_Team
The wiki has been updated to add FST process details. Please have a look in case you spot anything amiss.
The CVE section describes a process which we have not discussed at any meeting - I would prefer that before putting it into effect. My worry is this extends the role of the team too much and dilutes our efforts that currently go into fixing vulnerable packages.
Earlier today, I was discussing with Huzaifa (https://fedoraproject.org/wiki/User:Huzaifas) who said, we need to define how we handle issues in packages wherein upstream is unresponsive or is dead. We need to close such issues and retire those packages.
If you know other such instances wherein users don't know what to do, let's please collate them together and define a course of action for them.
Your comments/inputs/suggestions are most welcome! :)
I think we should not rush into fitting an existing process on Fedora.
Regards
-Prasad
http://feedmug.com
_______________________________________________
security-team mailing list
security-team@lists.fedoraproject.org
https://lists.fedoraproject.org/mailman/listinfo/security-team