Developing a security Bat Signal?

Matthew Miller mattdm at mattdm.org
Thu Apr 10 14:20:12 UTC 2014


On Thu, Apr 10, 2014 at 03:12:41PM +0100, Tristan Santore wrote:
> > Maybe the system could come with a reminder to keep info current in some
> > way?
> I think the most important thing is to keep not only the maintainers
> informed, but also our general users. Including giving them mitigation
> advice and explaining exactly what the problem is or was.

Yes, this would be the role of the communications team outlined in the
proposal. When it is crunch time, it is *incredibly* important to have
people other than the active responders doing this, because a) it frees them
up to concentrate on getting fixes out and b) they're probably frazzled
enough to make it hard to communicate clearly.

> I must also say, the response time was quite good too, looking at
> package build times, compared to the time when I was informed of the
> issue. The only problem was the mirrors not syncing up fast enough,
> which makes me wonder if we should dump security fixes into a
> sub-directory in updates, which mirrors could sync up faster.

Yes. <https://fedorahosted.org/rel-eng/ticket/5886>

Help wanted. :)

-- 
Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>

