Extras Security Policy

Hans de Goede j.w.r.degoede at hhs.nl
Thu Sep 8 10:59:07 UTC 2005


Linus Walleij wrote:
> On Wed, 7 Sep 2005, Warren Togami wrote:
> 
>> but security is *hard* for volunteers to do.  Nobody is accountable 
>> because it isn't their job responsibility.
> 
> 
> But aren't there people using FC+Extras at their work, even being 
> sysadmins for large installation bases and reading CERT and bugtraq 
> advisories? (No, not everyone uses RHEL.) I believe many such 
> installations and sysadmins do exist, and part of the natural 
> responsibility for such people would be to help the Extras in fixing the 
> packets at source.
> 
> If such people do not exist, then proper security audit is perhaps not 
> a main focus for the Extras and rather something to be carried out by 
> RHEL or other large vendors?
> 

I believe that audits are out of our league; we simply don't have the 
capacity, but we should be able to create an infrastructure to follow 
bugtraq reports and upgrade packages with the upstream fixes ASAP.

Regards,

Hans




