Extras Security Policy
Michael Schwendt
bugs.michael at gmx.net
Thu Sep 8 09:39:50 UTC 2005
On Thu, 8 Sep 2005 00:15:49 -0500, Dennis Gilmore wrote:
> Once upon a time Thursday 08 September 2005 12:12 am, Hans de Goede wrote:
> > Hi,
> >
> > I've just read an article on how most distro's are doing when it comes
> > to (timely) releasing security updates on lwn.net (this weeks security
> > page subscribers only).
> >
> > One of the things discussed in this article is that add-on repositories
> > usually lack a clear security policy.
> >
> > One example given is that clamav, an open source virus scanner in extras
> > has a real exploitable security flaw, for which upstream has released a
> > fix I assume, but which is still exploitable in the Extra's version.
> >
> > It is in no way my attention to single out clamav, this is just an example.
> the clamav package maintainer has been very quick with updated packages
> which fix security issues in the past the current release in extras is
> 0.86.2 which according to clamav.net is the latest stable release.
Even for FC2/FC1/RHL9 at fedora.us, the 0.86.2 packages are available.
More information about the fedora-extras-list
mailing list