On Sat, 2006-04-01 at 13:06 -0600, David Eisenstein wrote: > Hello, > > The other week, I sent a notice to fedora-legacy-list and fedora- > security-list regarding the Macromedia Flash critical vulnerability > (CVE-2006-0024, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024) > thinking that, even though it is proprietary and therefore Fedora Core, > Legacy, & Extras do not distribute it nor provide any support for it, that > I could tell my friends on both lists about it, since this bug has the > alleged possibility to run abitrary code remotely and so is critical. > > Here's the post: > <http://www.redhat.com/archives/fedora-legacy-list/2006-March/msg00107.html> > > Some reservations were expressed to me privately about using our mailing > list(s) to broadcast such information, after I already sent the thing out. > Yet I sent it out, because I felt it would be important for folks who > don't get Red Hat Enterprise Linux's security errata to be aware of the > issue so they can protect their computers. You are certainly allowed as a individual to post such warnings to the list. Just make it explicit that you are posting not on behalf of the project when it is controversial. Warren Togami for example made a announcement on the arrangement he had with Macromedia for a flash repository. That might be better suited for Fedora Legacy users too. https://www.redhat.com/archives/fedora-announce-list/2006- March/msg00037.html > Perhaps this needs more discussion, however. As participating members of > the Fedora Project team, are there things we should not say on the mailing > list(s)? I would say the usual netiquette guidelines such as generally being nice to each other apply but anything that doesnt fit the ideals of the project probably shouldnt be promoted in formal capacity. For this kind of issues such as security vulnerabilities is something that we need to be responsible about even when we actually dont ship the applications or support them formally. Rahul Ps: No need to cc me. I am on this list as well now.
