Another chance for folks to jump right in:
-------- Forwarded Message --------
From: Eric H. Christensen <sparks(a)fedoraproject.org>
Reply-to: devel(a)lists.fedoraproject.org
To: announce(a)lists.fedoraproject.org
Cc: devel-announce(a)lists.fedoraproject.org
Subject: Fedora Security Team
Date: Wed, 30 Jul 2014 11:46:48 -0400
Some people have already heard about the new Security Team making the rounds on BZ trying
to clean up vulnerabilities that still linger within our OS. Until today I've not
said much as I was waiting to see how successful we'd be at trying to remedy some of
these situations. Turns out I had nothing to fear. So with that I formally announce the
Security Team to Fedora and open the doors to all that are interested.
== What are we doing? ==
The Security Team's mission is to assist packagers in closing security
vulnerabilities. Once alerted to a vulnerability on a package, the security team can help
work with upstream to obtain a patch or a new release of a package. Once we have a patch
or a new release we attach it to the vulnerability bug and work with packagers to get the
fix pushed.
== How bad is the problem now? ==
As of a few days ago we had 566 open vulnerability tickets that cover both Fedora and
EPEL. The breakdown of those bugs by severity looks like this:
* Critical: 3
* Important: 69
* Moderate: 366
* Low: 128
The good thing is that few of these vulnerabilities are considered "bad"
(critical and important). There are likely bugs in there that no longer apply since the
packages have been upgraded but the tickets never got closed. Also, a package that is in
both Fedora and EPEL will get a ticket for each so from a pure numbers standpoint there
are duplicates in those stats.
== How many people have signed up for the team? ==
Over twenty so far.
== How can I join/get involved/learn more about the project? ==
Go look at our wiki page[0], which is still being developed but does contain some basic
information on the team. We also have a listserv[1] and an IRC channel[2] where we hang
out.
[0]
https://fedoraproject.org/wiki/Security_Team
[1]
https://lists.fedoraproject.org/mailman/listinfo/security-team
[2] #fedora-security-team on
irc.freenode.net
-- Eric
--------------------------------------------------
Eric "Sparks" Christensen
Fedora Project
sparks(a)fedoraproject.org - sparks(a)redhat.com
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
_______________________________________________
devel-announce mailing list
devel-announce(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce
--
devel mailing list
devel(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct:
http://fedoraproject.org/code-of-conduct