On Sat, 2006-03-25 at 10:24 -0500, David Eisner wrote: > > Other distros had advance warning about this vulnerability, and hence > more time to apply patches and do testing. Is there a way Fedora Legacy > could be added to the list of vendors that are notified in this type of > situation? > > Who decides whom to notify in advance. Sendmail, Inc.? I imagine they > want vendors to keep the information under wraps until the official > announcement is made. (I could be wrong.) How would this work with > Fedora Legacy? Is it possible? > This one was pushed by CERT, and they have individual agreements with various vendors. Fedora Legacy isn't one of those vendors. However after speaking with Red Hat security team, it turns out that CERT drives an issue like this once a year or so, very low volume. The majority of other issues are vetted through vendor-sec, which we are a part of. We are moving to a point in which we can prepare updates prior to the issue being public. Our new build software was a huge step, so look for faster response times in the future. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
