Developing a security Bat Signal?

Matthew Miller mattdm at fedoraproject.org
Tue Apr 8 13:11:28 UTC 2014


I think we did a pretty good job in responding to CVE-2014-0160, but there's
also room for improvement.

One particular need is the ability to get in touch with owners of core
components, or if they are not available, provenpackagers with particular
security expertise -- and in either case, also _testers_ with a security
background.

Maybe we need to have some sort of (opt-in) Fedora Bat Signal for
extra-critical and urgent security issues in core packages. We would promise
not to use it unless the internet were actually on fire, as it appears to be
in this case, and then have (escrowed somewhere?) private 24/7 contact
information (phone numbers, SMS).

What do you think? Anyone interested in developing this idea further?



-- 
Matthew Miller    --   Fedora Project    --    <mattdm at fedoraproject.org>
                                  "Tepid change for the somewhat better!"

