Am Freitag, den 13.01.2006, 16:23 -0500 schrieb seth vidal: > On Fri, 2006-01-13 at 15:20 -0600, Josh Boyer wrote: > > > On Fri, 2006-01-13 at 15:15 -0600, Josh Boyer wrote: > > >> > > >> Now the real question is, should there be some sort of defined policy > > >> for security fixes? > > > I'd be game with making a extras-security alert address that had the > > > package signers and some other security folks on it so we could expedite > > > things if need be. > > > > > > but a private list, for obvious reasons. I'm not 100% sure if it needs to be private. I don't like "security by obscurity". But of course it needs to be private *if* we're discussing things under embargoed there. > > I'll second this. Seems like a good idea to me. > > Should we talk about embargos though? > why don't we just ask thorsten to add this to the agenda. Done. Created a page in the wiki at http://www.fedoraproject.org/wiki/Extras/Schedule/SecurityPolicy Could those interested in the topic summarize this thread there? And create a action list about the details that need to be discussed? After that we should probably discuss those on fedora-extras list. -- Thorsten Leemhuis <fedora@xxxxxxxxxxxxx>
