Fedora 7 and the Security Response Team

Kevin Fenzi kevin at tummy.com
Mon Jun 11 18:44:20 UTC 2007 

On Mon, 11 Jun 2007 13:24:34 -0400
Josh Bressers <bressers at redhat.com> wrote:

> > >
> > >
> > > How you can help.
> > 
> > I've been wanting to help, but not sure of practices and procedures
> > used.
> > 
> > Perhaps we could clarify a few things for me:
> > 
> 
> > 
> > - Should the filed bug have a CC to the list? I guess you mentioned
> > this above. I think it's probibly a good idea so folks can see the
> > progress of fixes.
> 
> While I'm personally not a fan of this, if people want it, we should
> probably do it.

Well, I find it nice to be able to see replies from maintainers that
they are looking at it, or need more info, etc. 

I don't know how much traffic it will end up being tho when there is
more coverage. Might need re-evaluating if it's a gigantic pile. 

> 
> > 
> > - Is there any key for the format of the audit cvs files?=20
> 
> Not really, look at what's there to get an idea of how it goes.

ok. 

> > 
> > - Is there any acl on the audit files? Who is allowed to update
> > those?
> 
> Here is the current list:
> 
> avail | mjc,bressers,jorton,notting,sopwith,katzj,holtmann |
> fedora-security avail | lkundrak | fedora-security
> avail | jkeating,ausil,tibbs,kaboom,scop,questor | fedora-security
> 
> If you're willing to help, access can be granted.

Sure, I can assist. My FAS account is kevin... 

> > Well, if it will be listed in cvs, can't we just have folks go and
> > update as they process?
> 
> Ideally, yes.  I however don't want people to duplicate work.  I
> suspect the easiest way is going to be for someone to just mark a
> block of ids as what they're working on.  Something like
> 
> **** bressers ****
> CVE blah blah blah
> ... ===> Lots of CVE ids here
> CVE blah blah blah
> **** bressers ****
> 
> Check in some bits to make it known you're on it, then start wading
> through the manure.

Yeah, that could work. We could use a wiki page, but since the cvs file
is there, it makes sense to me to just use that. 

> 
> Thanks.
> 

kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/security/attachments/20070611/0d978c43/attachment.bin

More information about the security mailing list