On 19.09.2014 10:09, P J P wrote:
Please see -> https://fedoraproject.org/wiki/Security_Team
The wiki has been updated to add FST process details. Please have a look in case you spot
The CVE section describes a process which we have not discussed at
any meeting - I would prefer that before putting in effect. My worry is this extends the
role of the team too much and dilute our efforts that currently go into fixing vulnerable
Earlier today, I was discussing with
who said, we need to define how we
handle issues in packages wherein upstream is unresponsive or is dead. We need to close
such issues and retire those packages.
If you know other such instances wherein users don't know what to do, let's
please collate them together and define a course of action for them.
Your comments/inputs/suggestions are most welcome! :)
I think we should not rush
into fitting existing process on Fedora.
security-team mailing list
Jan Rusnacko, Red Hat Product Security