Making Fedora more secure, a 90-day goal.

David Cafaro dac at cafaro.net
Mon Apr 6 19:27:03 UTC 2015


On 04/06/2015 03:22 PM, Eric Christensen wrote:
> On Thursday, April 02, 2015 01:05:32 PM Eric Christensen wrote:
>> Right now there is one critical CVE and 46 important CVEs open against
>> either a package in Fedora or EPEL.  These are CVEs that should have been
>> addressed long ago and I'm, quite frankly, tired of looking at them.
> Just looked at the numbers after the weekend hoping I'd see some movement.  
> Here's what I found:
>
> Of the 38 important CVEs opened in 2014 or prior that I identified last 
> Thursday as still being open one was closed, five are On_QA, and the rest don't 
> really look like they've been touched in a while, with a few exceptions.
>
> All the cases are "owned" but it looks like most haven't been followed up on 
> in a while.  If you want to participate in this "contest" but don't see a way 
> in here's what I suggest: if a case hasn't been followed up on in the past 
> month TAKE IT!  This includes the ones I touched today but don't "own".  Let's 
> crush these bugs and make Fedora better!
>
> -- Eric
>
>

Hi Eric,

I noticed you commented on a couple of my tickets; I just wanted to let
you know there was some followup outside of the ticket system as well.
This often occurred when I found I got no response from the ticket
updates (and started sending emails directly).

That doesn't mean that went anywhere either, but just want to make sure
it's clear that more activity may be happening off ticket as well.

Another question.  What is the ultimate goal of this ticket push?  Are
we trying to get patches and updates no matter what or are we going to
settle for some things going to the orphaned queue?

Would prefer to have everything get a patch and update than go to orphan
queue myself, but that's more work.

Thanks,
David

