Disturbing lack of FE security updates announcements!
Hans de Goede
j.w.r.degoede at hhs.nl
Thu Nov 9 13:36:50 UTC 2006
Josh Bressers wrote:
>>> The right way to solve this problem is to send announcements for every FE
>>> update (security or not), and to let the security team edit security
>>> advisories to ensure the proper information is included.
>>>
>> That is one solution, but given the rolling release model of FE, that is going to
>> be a lot of announcements. Why not ask FE package maintainers to send a security
>> announcement out when they push an update which has security implications / fixes?
>>
>
> I don't believe this will work, but if you think so, write up your idea
> with some technical details and send it to the fedora security list for
> discussion.
>
Hmm, I'm not all that fond of writing proposals, esp. this early in the process; I'll
first let this thread run a couple of days to get some more input and then I'll try
to write something for FESco / the security list.
> The fundamental flaw with this I see is what happens when someone decides
> to ignore the request? With the sheer number of extras packages we don't
> have a terribly good way of tracking what's getting fixed and when. As
> crazy as this sounds, no security advisories is a better situation than half
> assed security advisories. Security advisories should be all or none lest
> we just create more problems than we already have.
>
Agreed.
Regards,
Hans