Extras Security Policy

Dennis Gilmore dennis at ausil.us
Thu Sep 8 05:15:49 UTC 2005

Once upon a time Thursday 08 September 2005 12:12 am, Hans de Goede wrote:
> Hi,
> I've just read an article on how most distro's are doing when it comes
> to (timely) releasing security updates on lwn.net (this weeks security
> page subscribers only).
> One of the things discussed in this article is that add-on repositories
> usually lack a clear security policy.
> One example given is that clamav, an open source virus scanner in extras
> has a real exploitable security flaw, for which upstream has released a
> fix I assume, but which is still exploitable in the Extra's version.
> It is in no way my attention to single out clamav, this is just an example.
the clamav package maintainer  has been very quick  with updated packages 
which fix security issues in the past  the current release in extras  is 
0.86.2  which according to clamav.net  is the latest stable release. 

but yes  there should be clear direction.  Package maintainers need to keep an 
eye on the upstream project  and release security fixes as soon as possible.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20050908/e5ba8439/attachment.sig>

More information about the fedora-extras-list mailing list