Josh Bressers bressers at redhat.com
Thu Mar 2 21:24:23 UTC 2006

> So where do we start?
> I guess a good point is to refer everyone to 
> http://fedoraproject.org/wiki/Extras/Schedule/SecurityPolicy  and get some 
> discussion going on that

I've looked that document over in the past.  I admit the times at the end
chart scare me.  That's a fairly complicated chart.  Within Red Hat there
was discussion about how to best classify security issues, this is what we
came up with:

When one has to classify security threats, less is more.

I would suggest something more along these lines:

Critical: Don't bother waiting for the maintainer, do whatever it takes to
    fix it.
Important: A few days.
Moderate: A few weeks.
Low: A few months.


More information about the Fedora-security-list mailing list