Quake3 security issue and non-responsive maintainer: Xavier Lamien

Richard W.M. Jones rjones at redhat.com
Tue May 11 16:24:02 UTC 2010

On Tue, May 11, 2010 at 04:38:53PM +0530, Rahul Sundaram wrote:
> On 05/11/2010 03:43 PM, Daniel P. Berrange wrote:
> >
> > Do we have a security team who evaluate security issues that are filed 
> > against any package, and who have the privileges to immediately fix the 
> > CVE should the maintainer not be responsive enough wrt the severity of
> > the security problem ? We shouldn't have security fixes blocked on the
> > unreponsive maintainer process. Proven packagers obviously have suitable
> > CVS commit privileges to make the changes, but do any of them actively 
> > monitor for security issues & address them ?
> >   
> Yes. Security team did monitor and filed the security issue but they
> don't do commits and builds and there is no team outside of them taking
> care of these issues.  It would be great to take care of this.

Maybe security issues should be bumped up to this list so
provenpackagers can try to take care of them?


Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://et.redhat.com/~rjones/libguestfs/
See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html

More information about the devel mailing list