Procedure for handling actively exploited security bugs with patches?
Jason L Tibbitts III
tibbs at math.uh.edu
Sun Feb 10 17:10:21 UTC 2008
>>>>> "SG" == Steve Grubb <sgrubb at redhat.com> writes:
SG> Security patches need careful but timely review. I recommend that
SG> the security team coordinate the repair and no one apply
SG> unreviewed patches just because you have access.
Oh, of course we can't trust the community here. What was I thinking?
The security team, who in most cases doesn't even use the software in
question, is in a far better position to evaluate and test fixes than
someone who is actively interested in and familiar with the software.
- J<