Fedora 7 and the Security Response Team
Josh Bressers
bressers at redhat.com
Mon Jun 11 17:24:34 UTC 2007
> >
> >
> > How you can help.
>
> I've been wanting to help, but not sure of practices and procedures
> used.
>
> Perhaps we could clarify a few things for me:
>
>
> - Should the filed bug have a CC to the list? I guess you mentioned
> this above. I think it's probibly a good idea so folks can see the
> progress of fixes.
While I'm personally not a fan of this, if people want it, we should
probably do it.
>
> - Is there any key for the format of the audit cvs files?=20
Not really, look at what's there to get an idea of how it goes.
>
> - Is there any acl on the audit files? Who is allowed to update those?
Here is the current list:
avail | mjc,bressers,jorton,notting,sopwith,katzj,holtmann | fedora-security
avail | lkundrak | fedora-security
avail | jkeating,ausil,tibbs,kaboom,scop,questor | fedora-security
If you're willing to help, access can be granted.
>
> > Any help will be appreciated and accepted. Once the FC7 file exists,
> > we will need to go through the CVE ids and identify which flaws need
> > to be addressed. Some of the ids will be low hanging fruit that will
> > only take a few minutes to verify. Other will take a long time and
> > it's possible you will have to go through source.
> > I'm not sure how to section off this file, anyone with any ideas?
>
> Well, if it will be listed in cvs, can't we just have folks go and
> update as they process?
Ideally, yes. I however don't want people to duplicate work. I suspect
the easiest way is going to be for someone to just mark a block of ids as
what they're working on. Something like
**** bressers ****
CVE blah blah blah
... ===> Lots of CVE ids here
CVE blah blah blah
**** bressers ****
Check in some bits to make it known you're on it, then start wading through
the manure.
Thanks.
--
JB
More information about the security
mailing list