Extras Security Policy

Michael Schwendt bugs.michael at gmx.net
Thu Sep 8 21:14:36 UTC 2005


On Thu, 08 Sep 2005 12:57:48 +0200, Hans de Goede wrote:

> The moral, volunteers can and will do hard things, although occasionally 
> and security is not necessarily all that hard.
> 
> To conclude I would like to take back my previous statement:
>
>  > I'm in no way volunteering to do any of the work this will cause, not
>  > because I don't want to, but because I don't have the time.
> 
> and to volunteer my (limited) time as a member of a FE security team, 
> who wants to join me?

I advise creating a concept first, then considering the creation of a
"security team" after some proof-of-concept security reports (either
tracking vulnerabilities in Extras or reporting unclosed ones). For
example, bugtraq list traffic alone can be close to useless if a
subscriber doesn't know every package which is in Extras. Some clever
automated searching for package names could be helpful. I also believe
that a real security team would benefit from access to vendor-sec
information, and that won't be available for a team of volunteers
without a track record.



