Re: Fedora 7 and the Security Response Team

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On Tuesday 03 April 2007, Josh Bressers wrote:
> As everybody is no doubt aware, Fedora 7 is bringing a number of changes,
> one of which will be putting the burden of security on the Fedora Security
> Response Team.  Right now it's basically the Red Hat Security Response Team
> working on Core, and not much of anything happening for Extras.  This is 
> going to change.

Any updates on this?  It looks to me as if things have changed for worse.

I haven't seen any other activity in CVS than my own updates to the fe* files.  
There's no merged f7 audit file, and nobody appears to be keeping fc* up to 
date either, and security related Bugzilla entries besides the ones I've 
filed (if there are any others, dunno) do not seem to be Cc'd to this list.

As of now, I'm suspending my efforts to routinely track CVE's and other 
sources until the situation becomes clearer.  With the number of people even 
reporting issues and keeping CVS up to date (*one* commit in 2007 to fe* by 
someone besides me, in February, and none in fc* by anyone since May) being 
close to zero, and being the only one who does that not being what I "signed 
up" for, I don't think it would be responsible behaviour from me to keep 
doing it in the current circumstances.  Full, timely coverage is simply way 
too much work, and casually doing it might give a false impression to users 
and maintainers that things would be properly tracked.

Fedora-security-list mailing list

[Home]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Red Hat 9 Bible]     [Fedora Bible]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Coolkey]     [Fedora Tools]

Powered by Linux