F15 - status of /run/user, /dev/shm, and potential for a DoS attack
jb.1234abcd at gmail.com
Wed May 18 12:02:42 UTC 2011
Jóhann B. Guðmundsson <johannbg <at> gmail.com> writes:
> The QA community is not a security or an risk assessment team.
> We leave that part up to security team which possesses the necessary
> skill resource and experience to correctly evaluate and assess any
> concern raised related security ( or lack there of ) within the project.
That would be right from the formal point of view, as an additional or
follow-up venue to discuss security problems.
> thus security related questions are off topic for this list and should
> be asked on Fedora's security mailinglist  instead.
I think you are playing a censor here ... "Off-topic" ?
That's a little bit a mental overstretch, considering what is affected.
You did not protest when the issue was raised here on this list in the first
place, did you ? You would look foolish, methinks ...
Security issues, as any other issues, are part of development process, and are
subject to quality assessment all the time during that process, but certainly
in the final stage when release decision is made about the product.
Adam's response was much more levelheaded -:)
More information about the test