Security reviews for new packages
Jason L Tibbitts III
tibbs at math.uh.edu
Tue Nov 11 19:31:00 UTC 2008
>>>>> "KF" == Kevin Fenzi <kevin at tummy.com> writes:
KF> I'm no expert, but I could take a look I suppose.
Another pair of eyes won't hurt, of course, but honestly I don't know
what's involved in an actual security review.
KF> How about we make a F_SECURITY_REVIEW tracker bug, and any review
KF> that needs extra security attention is made to block that bug.
Well, that would work but I'm thinking it's a bit premature to talk
about it until we know that there's at least one properly trained
security person who will actually pay attention to it.
I just don't want to have the security team's first contact with a
package like this to be the posting of CVEs.
- J<