Lubomir Kundrak wrote:
> Well, that sounds fair, but be warned, that the audit files are
specially for our
> track and doesn't have to be 100% reliable. Watching the package
> for [SECURITY] things can be always relied on, though it will have
> compared to this, as packagers need time to roll updates. Anyways,
> the vulnerability and not having the updated package avaliable is not
I'll be subscribing to the package announce list, and maybe using the
commit log less.
> So you are for separating the lists. Is the only issue the name of the
> that case, the CVS logs traditionally go to -commits mailing lists. I
> won't be much of an issue for you to subscribe to that one and
> one eventually, if you're not interested in discussions, just in raw
Not really hard to resubscribe -- I just viewed the discussion as my
to find out what is the best way to keep up to date on Fedora security
I subscribe to this list so I can get alerted to new CVE related bugs.
While the audit files change log was hard to understand at first, I can
now easily scan for packages my server relies on, and run yum to get new
packages if something is fixed.
Is there a better way for me to learn about vulnerabilities? If this is
the preferred way, then it would be nice to keep the commit log on this
list, so I don't have to subscribe to both. I'd also argue that if this
is the preferred way, then a new list for security discussions would be
a better way to change things.
[mailto:firstname.lastname@example.org] On Behalf Of
Sent: Tuesday, September 18, 2007 12:00 PM
Subject: Fedora-security-list Digest, Vol 19, Issue 15
Send Fedora-security-list mailing list submissions to
To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to
You can reach the person managing the list at
When replying, please edit your Subject line so it is more specific than
"Re: Contents of Fedora-security-list digest..."
1. Re: Separate list for commits (Kevin Fenzi)
2. [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS
3. [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS
4. Re: Separate list for commits (Lubomir Kundrak)
5. Re: Separate list for commits (Eugene Teo)
6. [RFC] Tracking bugs for Fedora; managing security flaws in
multiple supported releases (Lubomir Kundrak)
7. fedora-security/audit fc6,1.260,1.261 fc7,1.108,1.109
(Tomas Hoger (thoger))
Date: Mon, 17 Sep 2007 15:22:35 -0600
From: Kevin Fenzi <kevin(a)tummy.com>
Subject: Re: Separate list for commits
Content-Type: text/plain; charset="us-ascii"
On Mon, 17 Sep 2007 17:27:47 +0200
Lubomir Kundrak <lkundrak(a)redhat.com> wrote:
> Hi all,
> Wit the volume of the commit messagaes and bugzilla mails this list
> became less suited for discussions. Would anyone mind creating another
> list, say fedora-security-commits-list, where would that sort of mails
I filter such emails into another box, so discussion shows up just fine
Perhaps we could use mailman "Topics" support better here?
ie, make all bugzilla and commits emails have their own topic.
If you just subscribe you get everything, but if you don't want
everything you can change your topics so you don't get the things you
Or for that matter, perhaps we could just get the regular commits list
to have a security topic for people who only want security commits?
Just a thought.