Security testing: need for a security policy, and a security-critical package process
Jesse Keating
jkeating at redhat.com
Mon Nov 23 22:33:32 UTC 2009
On Mon, 2009-11-23 at 14:08 -0800, Adam Williamson wrote:
> This list of packages
> would be what the QA team would test with regard to the security policy.
> We also believe there ought to be a process for maintaining this list,
> and additions to the packaging guidelines for any new package which
> would be on this list or any existing package for which a proposed
> change would add it to this list. We could also hook AutoQA into this
> process, to run additional tests on security-sensitive packages or alert
> us when a package change was submitted which added security-sensitive
> elements to an existing package.
I would warn against trying to have a manual static list of packages
here, same as crit-path. These packages need to be discoverable via
software.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20091123/4b1222f0/attachment.sig>
More information about the fedora-devel-list
mailing list