Re: Security release criterion proposal | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
> # There must be no known remote code execution vulnerability which could > be exploited during installation or during use of a live image shipped > with the release > > Points to consider: > > * Possible variants to the type of vulnerability covered...do we also > want to make local privesc vulns blocking? Conversely, do we want to > make only remote *root* execution vulns blocking? I don't know if anyone > would want to go as far as making DoS vulns release blocking, but speak > up if you would! (Of course there is again the local/remote distinction > to consider there: 'all DoS vulns' would be a much tighter standard than > 'remote DoS vulns'). I say, local privilege escalations with publicly available exploits, and remotely triggerable vulnerabilities. If such an issue is known before Final, we should attempt to address it before releasing. Eugene -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
[Home] [Fedora Legacy List] [Fedora Maintainers] [Fedora Desktop] [Red Hat 9 Bible] [Fedora Bible] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Coolkey] [Fedora Tools]
