The Debian/Ubuntu SSL bug

So I've been having a conversation with Mark Cox about the Debian/Ubuntu SSL bug. This is basically a horror story of what can go wrong when packagers don't maintain close relationships with upstream. I asked Mark, "what security policies do we have in place to keep this from happening in Fedora-land?" And his response was, "I don't know, what security policies do we have in place to keep this from happening in Fedora-land?"

We know that RHEL is secure and stable, and we *do* have safeguards in place to prevent this from happening in RHEL-land. But a mistake like this in Fedora-land would be every bit as bad for the Red Hat and Fedora brands.

Are there any steps we can take to protect ourselves from this kind of mistake -- in which a packager does something dumb to the package and no one notices it?

--g

--
Greg DeKoenigsberg
Community Development Manager
Red Hat, Inc. :: 1-919-754-4255
"To whomsoever much hath been given...
...from him much shall be asked"

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
