First message in list with some questions ;)

Eric H. Christensen sparks at fedoraproject.org
Wed Jul 9 20:11:57 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Wed, Jul 09, 2014 at 10:37:24PM +0400, Igor Gnatenko wrote:
> First, thank you for creating the mailing list. That's really useful.
> Let me quote Eric and ask some questions.
> 
> > As of 2014-06-10 there were 539 open security bugs in Fedora.  With a little work we should be able to get this number down by figuring out if the vulnerability is still open, if a patch/release is available to fix it, or need to work upstream.  We'll likely need to come up with a way to categorize these things in BZ to make it easier to do a search.

Ahh, yes, my introduction to the mess that awaits us.  :)

> Can you provide a link where I can get this list of bugs?

So, first, sorry for not immediately writing this message up when I subscribed you but I'm a little crowded with a lot of little things around and I have the attention span of...   wait, what was I saying?

Oh right, bugs.  Yes, so I'll tell you where they are and let you run them down.  You won't be able to search for them in a certain component as they are filed against the packages themselves.  If you search using the keywords "SecurityTracking" you'll find them all.  You should also be able to use the priority to comb through by priority*.  You can easily search for a subset of the bugs and come up with what you're looking for like all the critical ones[0].  I'll go through and post links on the wiki to make it easier for everyone to find.

So I see two tasks that need to really get going... now.  First, we need to look at the critical bugs and make sure they are being addressed.  Second, we need to look at all the unprioritized bugs and get them prioritized so we know where they are in the mix.  The priorities come from the CVEs that they block but you'll have to dig it out of the whiteboard.

So we don't bump heads while working on things, let's just send what you are working on to the list so we'll all know who has what for now.  Let's concentrate on the urgent bugs and prioritizing.  So if anyone wants to start working on 905373 just roger up for it on the list and start working.

Thanks for everyone stepping up to help!

[0] http://red.ht/1lUHeBF


* This is not always the case.  There was a bug in the tools that automatically generate these bugs that failed to set the priority so we'll need to look at those.  It's really two bugs but it gets complicated.  People know about it and are working on a fix.

- -- Eric

- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project

sparks at fedoraproject.org - sparks at redhat.com
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

