bressers at redhat.com
Thu Mar 2 21:24:23 UTC 2006
> So where do we start?
> I guess a good point is to refer everyone to
> http://fedoraproject.org/wiki/Extras/Schedule/SecurityPolicy and get some
> discussion going on that
I've looked that document over in the past. I admit the times at the end
chart scare me. That's a fairly complicated chart. Within Red Hat there
was discussion about how to best classify security issues, this is what we
came up with:
When one has to classify security threats, less is more.
I would suggest something more along these lines:
Critical: Don't bother waiting for the maintainer, do whatever it takes to
Important: A few days.
Moderate: A few weeks.
Low: A few months.
More information about the Fedora-security-list