Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Eric H. Christensen <sparks-rxtnV0ftBwyoClj4AeEUq9i2O/JbrIOy <at> public.gmane.org>
Subject: Fedora Security Team
Newsgroups: gmane.linux.redhat.fedora.devel.announce
Date: Wednesday 30th July 2014 15:46:48 UTC (over 2 years ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Some people have already heard about the new Security Team making the
rounds on BZ trying to clean up vulnerabilities that still linger within
our OS.  Until today I've not said much as I was waiting to see how
successful we'd be at trying to remedy some of these situations.  Turns out
I had nothing to fear.  So with that I formally announce the Security Team
to Fedora and open the doors to all that are interested.

== What are we doing? ==
The Security Team's mission is to assist packagers in closing security
vulnerabilities.  Once alerted to a vulnerability on a package, the
security team can help work with upstream to obtain a patch or a new
release of a package.  Once we have a patch or a new release we attach it
to the vulnerability bug and work with packagers to get the fix pushed.

== How bad is the problem now? ==
As of a few days ago we had 566 open vulnerability tickets that cover both
Fedora and EPEL.  The breakdown of those bugs by severity looks like this:
* Critical: 3
* Important: 69
* Moderate: 366
* Low: 128

The good thing is that few of these vulnerabilities are considered "bad"
(critical and important).  There are likely bugs in there that no longer
apply since the packages have been upgraded but the tickets never got
closed.  Also, a package that is in both Fedora and EPEL will get a ticket
for each so from a pure numbers standpoint there are duplicates in those
stats.

== How many people have signed up for the team?  ==
Over twenty so far.

== How can I join/get involved/learn more about the project? ==
Go look at our wiki page[0], which is still being developed but does
contain some basic information on the team.  We also have a listserv[1] and
an IRC channel[2] where we hang out.

[0] https://fedoraproject.org/wiki/Security_Team
[1] https://lists.fedoraproject.org/mailman/listinfo/security-team
[2] #fedora-security-team on irc.freenode.net

- -- Eric

- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project

[email protected] - [email protected]
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGcBAEBCgAGBQJT2RNlAAoJEB/kgVGp2CYvwPUL/223Y5GAR9oO5LJl+ltdydh5
C1U4mbWJSzyfNpkWGp6Goj+cWBiQwG2kzqjX97nZwy8hFQPtGFFLZVuZd3fHSQsy
MH2SjjX42zAdVGsqanvmtJrl6v9MgDjJmNTvmbTpemwOyebP0Kswhw5wPbYx4Yb6
hyvVGIjaD6rkTcBP/6Qt4lWgH9OJwYJ1O62CxrScaxaVEPSx3DuA4Gu7QWEi1+qG
CLqXuDYeke6bDx9QG0y00k0PmqmUvYBlz7PUZmeJOaWjkjF58qX2eTZsT/F3pcsx
k/pBmo8IJmHXPdfCWPElPfN22xfR9xPy+pr55LqZLoS84JzT0HsszwxFt6N400Qo
x1SrlIGZCt1XP6OUSrtGXCcK2JcTyoQz5KmSmKBVboMg3pq4muXkkR/z6KGRbEx7
0r79hl/CIoIA7xUeB/3KrIDuySyGVPRBFmGXelj4CkEq+PxwYJVRYe0V3+v2R/jW
fJUAEZyIoi2vh1EOr3qLLoTxQ9rah5O/cOLQGtUngg==
=LOhU
-----END PGP SIGNATURE-----
_______________________________________________
devel-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/devel-announce
 
CD: 4ms