Hans de Goede j.w.r.degoede at hhs.nl
Thu Sep 8 05:12:15 UTC 2005


I've just read an article on how most distros are doing when it comes 
to (timely) releasing security updates on lwn.net (this week's security 
page, subscribers only).

One of the things discussed in this article is that add-on repositories 
usually lack a clear security policy.

One example given is that clamav, an open source virus scanner in Extras, 
has a real exploitable security flaw, for which upstream has released a 
fix I assume, but which is still exploitable in the Extras version.

It is in no way my intention to single out clamav; this is just an example.

So I would like to start a discussion about an Extras security policy, 
and about adding security-related checks to the review process.

Please reply with your ideas/opinions.
