FST post in Fedora Magazine [DRAFT]

Tomas Hoger thoger at redhat.com
Wed Sep 16 14:52:34 UTC 2015


On Wed, 16 Sep 2015 07:30:52 -0500 Major Hayden wrote:

> On 09/16/2015 12:46 AM, pjp at fedoraproject.org wrote:
> > That's right. We need to publicise 'security at fp.o' address for
> > users to report issues to FST.

Before doing that, it should be figured out how to handle those
reports.  Traditionally, only RH employees, RH SRT members pretty much,
were on the list.  Handling of embargoed stuff in Fedora has been
avoided in general.

> Updated with that address mentioned for critical bugs:
> 
>   https://gist.github.com/major/2dbb21b8f42dd882439d

In addition to the concerns above, I think you should distinguish
critical and embargoed / non-public.  security-team at l.fp.o should still
be preferred for any discussion of critical but already public issues.

-- 
Tomas Hoger / Red Hat Product Security

