Extras Security Policy
Dennis Gilmore
dennis at ausil.us
Thu Sep 8 05:15:49 UTC 2005
Once upon a time Thursday 08 September 2005 12:12 am, Hans de Goede wrote:
> Hi,
>
> I've just read an article on how most distro's are doing when it comes
> to (timely) releasing security updates on lwn.net (this weeks security
> page subscribers only).
>
> One of the things discussed in this article is that add-on repositories
> usually lack a clear security policy.
>
> One example given is that clamav, an open source virus scanner in extras
> has a real exploitable security flaw, for which upstream has released a
> fix I assume, but which is still exploitable in the Extra's version.
>
> It is in no way my attention to single out clamav, this is just an example.
the clamav package maintainer has been very quick with updated packages
which fix security issues in the past the current release in extras is
0.86.2 which according to clamav.net is the latest stable release.
but yes there should be clear direction. Package maintainers need to keep an
eye on the upstream project and release security fixes as soon as possible.
Dennis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20050908/e5ba8439/attachment.sig>
More information about the fedora-extras-list
mailing list