Fedora Extras Security Response Team
Josh Bressers
bressers at redhat.com
Fri Apr 28 20:15:19 UTC 2006
Hello everybody.
In case you didn't see, there was a post by Thorsten Leemhuis to the
fedora-extras list regarding the creation of a Fedora Extras security
response team. The message can be seen here:
https://www.redhat.com/archives/fedora-extras-list/2006-April/msg01650.html
Here are the people I know have an interest in helping out with the
security response team:
Hans de Goede
Jason L Tibbitts III
Dennis Gilmore
Jochen Schmitt
Ville Skyttä
Michael J Knox
If you're interested, feel free to chime in.
Right now I have a pretty good idea of what's needed to get this project
off the ground. We have a mailing list (which would be step one).
I need to fix up some CVS space for things like tools and tracking text
files. This repository is here:
http://cvs.fedora.redhat.com/viewcvs/fedora-security/?root=fedora
We will need a package manifest. Basically a file that tells us which
packages and versions we're currently shipping in extras. A tool to
generate this will also be needed since we'll want to update this file on a
regular basis. Given how fast Extras changes I think this will be the
easiest way to check if we currently ship package <foo>.
An errata template is needed. I'm thinking we should copy the current
Fedora Core template for now. We can mangle it as we see fit at a later
date.
Process needs to be documented on the fedoraproject wiki. Since we don't
currently have a process, this is the only thing done :)
The most important part of this will be making it easy to specify what we
expect of ourselves. I hope to have some time this weekend to clean up the
security wiki pages a bit.
I think this is enough for now. Questions, Comments?
--
JB
More information about the Fedora-security-list
mailing list