Fedora Board Recap 2010-11-08

Rahul Sundaram metherid at gmail.com
Thu Nov 11 10:19:29 UTC 2010


On 11/10/2010 09:30 AM, Jon Stanley wrote:
> No, they were considered two separate issues - first the guideline,
> and second the inclusion of sqlninja. I suppose that you could say
> that we applied the just-approved guideline in making that decision,
> however, it was not framed that way. I specifically mentioned the
> unfairness of applying a just-made guideline, however, Spot informed
> us that the packager actually blocked the review on FE-LEGAL, and so
> specifically was waiting for a decision before proceeding.

Review on FE-LEGAL typically involves Red Hat Legal making a decision on
whether this is acceptable or not.  Did they?  If they are fine with
it, Fedora Board's concerns seem very fuzzy to me.  Yeah, sure it can
be used to attack other systems but the reason it has been put up for
review and will be included in Fedora Security Lab if approved is
because if you are on the other side of the fence, one needs to make
sure we don't get attacked by such tools and it would be prudent to run
this tool and secure ourselves.  Heck, we can run it against Fedora
Infrastructure systems to see if more hardening is needed anywhere.  

Rahul


