Security Tracking Bugs
by Christian Krause
Hi,
In the CVE bugs the following wiki page is referred:
https://fedoraproject.org/wiki/Security/TrackingBugs
From a maintainer's point of view this page needs some improvements:
- larger parts are written in the subjunctive or future tense, so it is
not clear whether the page describes the current procedure or just some
wish list for the future
- the page lacks a description of the very specific tasks for the
maintainers
- some information is outdated and/or wrong - e.g. the description of how
many tracking bugs are created
I took the opportunity to clarify some parts of this page and I also
added a section with step-by-step instructions for the maintainers:
https://fedoraproject.org/wiki/User:Chkr/Drafts/Security/TrackingBugs
The changes between the original page and my draft can be reviewed here:
https://fedoraproject.org/w/index.php?title=User%3AChkr%2FDrafts%2FSecuri...
Most changes are just of a cosmetic nature and/or clarify the process.
Nevertheless, they need to be carefully reviewed.
There is one particular item I'd like to discuss:
I find the idea of having multiple tracking bugs quite helpful since it
really simplifies the maintainer's job: He can make full use of bodhi's
feature to close the bug reports automatically.
So I would suggest that either
a) the security engineer (who opens the security bugs) checks which
Fedora branches are affected and creates the appropriate tracking bugs
or
b) the step-by-step section could contain the explicit suggestion that
the maintainer could (or should?) create the appropriate number of
tracking bugs for each release himself
I would prefer a), because it would make the work of the packagers
easier and the process of handling the CVE bugs more reliable, since the
risk of forgetting to fix a specific branch is minimized.
So, what do you think?
Best regards,
Christian