Procedure for handling actively exploited security bugs with patches?

Steve Grubb sgrubb at redhat.com
Sat Feb 9 16:56:53 UTC 2008


On Saturday 09 February 2008 12:38:02 am Jason L Tibbitts III wrote:
> Make sure things get in bugzilla and are marked as security so the security
> team sees it, and if you have a patch and you have access then I can't see
> why you wouldn't at least commit it and do a scratch build.

In many cases, the suggested fix is a quick reaction that is incomplete or 
causes a subtle incompatibility. Security patches need careful but timely 
review. I recommend that the security team coordinate the repair and no one 
apply unreviewed patches just because you have access.

-Steve



