2:36 p.m.
Hi!
Years ago, I worked with the Fedora Legacy project. So, wanting to get
involved in Fedora again, I looked up Fedora Security on the wiki.
Digging around, I am not seeing much presence for security? The
mailling-list archive shows no activity on the
security-team(a)lists.fedoraproject.org mailing list at all since last
October? And no team meetings?
Just who/how are security vulnerabilities handled in Fedora now? And are
fixed Fedora security vulnerabilities announced on any emailing list,
like they are in the centos-announce(a)centos.org mailing list for CentOS?
(I cannot find them yet in lists.fedoraproject.org if they're out there
somewhere, after having dug around there awhile....)
How does a volunteer help out with the Fedora security effort these days?
Thanks!
Sincerely,
David D. Eisenstein
"deisenstein" on the FAS.
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
2:48 p.m.
Okay. Found this meeting:
https://fedoraproject.org/wiki/Security_Team_FAD_2016
but nothing about it having happened ... or outcomes, take-aways?
Also found the package-announce(a)lists.fedoraproject.org list ... and
[SECURITY]-labeled bugs there. Sorry about that....
Thanks! --David
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
8:03 a.m.
Hello,
2017-04-18 21:36 GMT+02:00 David Eisenstein <deisenstein(a)att.net>:
Digging around, I am not seeing much presence for security? The
mailling-list archive shows no activity on thesecurity-team(a)lists.fedoraproject.org
mailing list at all since last
October? And no team meetings?
Sounds about right; security-relevant discussions, if any, happen on the
global
fedora-devel list, but there is not an all-encompassing Fedora
security group with regular meetings to my knowledge.
Just who/how are security vulnerabilities handled in Fedora now?
By the individual package maintainers; I think this was always their
primary
responsibility. Red Hat’s security team may Fedora bugs for
vulnerabilities they are tracking (this is certainly happening for some
packages), I don’t know whether there is any formal commitment, and I would
not expect this tracking to be done for the whole universe of Fedora
packagers.
Either way, developing and publishing the fix is the responsibility of the
individual package maintainers.
Mirek
3:41 p.m.
On Tue, Apr 18, 2017 at 02:36:10PM -0500, David Eisenstein wrote:
Years ago, I worked with the Fedora Legacy project. So, wanting to
get
involved in Fedora again, I looked up Fedora Security on the wiki.
Digging around, I am not seeing much presence for security? The
mailling-list archive shows no activity on the
security-team(a)lists.fedoraproject.org mailing list at all since last
October? And no team meetings?
Things do seem to have dropped off. Maybe you can help get it started
again?
Just who/how are security vulnerabilities handled in Fedora now? And
are
fixed Fedora security vulnerabilities announced on any emailing list,
like they are in the centos-announce(a)centos.org mailing list for CentOS?
(I cannot find them yet in lists.fedoraproject.org if they're out there
somewhere, after having dug around there awhile....)
Here:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedo...
Look for messages tagged "[Security]".
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
2559
days inactive
2565
days old
security@lists.fedoraproject.org
3 comments
3 participants
participants (3)
-
David Eisenstein -
Matthew Miller -
Miloslav Trmac