On Mon, 2010-01-25 at 22:00 -0800, Adam Williamson wrote:
== New and changed privilege escalation mechanisms ==
Any new privilege escalation mechanisms (where mechanism is defined as "the code that directly causes privilege escalation") must be submitted to, and approved by, the Fedora packaging committee. The development and QA mailing lists must be notified of the approval of new privilege escalation mechanisms. Any significant changes to the semantics of existing privilege escalation mechanisms (except for changes that are obviously not security-relevant) must be announced to the development and QA mailing lists.
Not to sound disrespectful, but why should the packaging committee have any special say in privilege escalation mechanisms? How does a special interest in spec file syntax qualify for security audits?
I propose to s/packaging committee/FESCo/ there.