Quake3 security issue and non-responsive maintainer: Xavier Lamien
metherid at gmail.com
Tue May 11 11:08:53 UTC 2010
On 05/11/2010 03:43 PM, Daniel P. Berrange wrote:
> Do we have a security team who evaluate security issues that are filed
> against any package, and who have the privileges to immediately fix the
> CVE should the maintainer not be responsive enough wrt the severity of
> the security problem ? We shouldn't have security fixes blocked on the
> unreponsive maintainer process. Proven packagers obviously have suitable
> CVS commit privileges to make the changes, but do any of them actively
> monitor for security issues & address them ?
Yes. Security team did monitor and filed the security issue but they
don't do commits and builds and there is no team outside of them taking
care of these issues. It would be great to take care of this.
More information about the devel