On Tue, Jul 21, 2009 at 5:16 PM, Mike McGrath<mmcgrath@xxxxxxxxxx> wrote:
> On Tue, 21 Jul 2009, Dimitris Glezos wrote:
>
>> On Tue, Jul 21, 2009 at 5:08 PM, Bill Nottingham<notting@xxxxxxxxxx> wrote:
>> > Greg DeKoenigsberg (gdk@xxxxxxxxxx) said:
>> >>> I'm guessing that this 1 fulltime person in a security response team
>> >>> role is to track, monitor, and coordinate the issues that need to be
>> >>> addressed. Which in many cases is different from the devel, releng and
>> >>> test aspects - necessitating much more than 1 fulltime person's worth
>> >>> of work to pull off the broader initiative. Right?
>> >>
>> >> In the world of RHEL, this would certainly be true -- but in the world of
>> >> Fedora?
>> >
>> > Note that also there are likely to be *more* issues to track in Fedora
>> > than in RHEL; after all, Fedora is much larger.
>>
>> Is it necessary to go all-or-nothing, or is there a smart and simple
>> way to only issue updates for a subset of Fedora's packages (eg. the
>> ones that are shipped on the DVD for example)?
>>
>
> That sounds confusing to me, if I installed via DVD and install any
> additional package, how am I to know whether or not my system is secure or
> not?

This is definitely something that needs some thinking. Maybe a
notification to the user that, past this date, the following packages
you have installed do not automatically receive security updates? This
would be useful as a vanilla Fedora feature too, complementing our EOL
fedora-announce email.

-d

--
Dimitris Glezos

Transifex: The Multilingual Publishing Revolution
http://www.transifex.net/ -- http://www.indifex.com/

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board