gallery2 outstanding security bugs -- Abandoned by Berninger?

Kevin Fenzi kevin at scrye.com
Wed Dec 10 20:25:23 UTC 2008


On Fri, 5 Dec 2008 17:42:16 +0000 (UTC)
cry_regarder at yahoo.com (Cry) wrote:

> Cry <cry_regarder <at> yahoo.com> writes:
> 
> > 
> > gallery2 has two new versions and outstanding security bugs.  I
> > have tried several times to email the maintainer John Berninger
> > with no replies to a few different addresses.  Is this software
> > dead in fedora? 
> 
> Just for form's sake in case it is necessary and can't be
> accelerated, the non-responsive maintainer process was initiated at
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=474870

Sounds good.

> Since fedora security loaded several of these bugs and they have CVE
> numbers assigned, why didn't they follow up when the maintainer didn't
> respond?  Will the slow fix time for these bugs reflect negatively on
> fedora's stats?

Because the fedora security folks are focused on notifying maintainers
and helping them fix things, and making sure security updates are
correct. There isn't any policy in place to have them make the changes,
although if we can get enough people interested in helping that would
be a good thing to try and do. 

kevin


More information about the fedora-devel-list mailing list