On 4/3/06, Karsten Wade <kwade@xxxxxxxxxx> wrote: > On Sat, 2006-04-01 at 23:55 -0600, Robert 'Bob' Jensen wrote: > > > Is there a current web space that users can look for security issues > > that may apply to them? If not is this something that should be created > > and maintained by the community at large? If it does how can we promote > > this resource so users are aware can do research and can make wise > > choices? > > Well, we get many security announcements to f-announce-l. It seems like > an extra burden for us to track down and highlight security risks for > applications not in Core or Extras; hard to know where to draw the line, > and people are always going to think we drew it too far or not far > enough. > > It might be cool if we could get security announcements to all magically > appear on a page ... or in a searchable database ... and that would > cover us for everything in Core and Extras thoroughly. We could link to > external lists of non-FC/FE vulnerabilities for packages in third-party > repos. > > FedoraNews.org and other news/planet sites might be a good place to draw > attention to a vulnerability that is outside of the normal FC/FE-sphere > but many users may have installed. For example, if there were a > vulnerability in XMMS's MP3 plug-in, we would be remiss if no one > announced it because it has the evil MP3 word in it. >From time to time, I do post security information from third party companies such as Adobe and Real on fedoranews.org. If you believe the information is critical for desktop computing environment, feel free to forward such security announcement and I'll add it under a new category which also generates rss feed. http://fedoranews.org/cms/Categories Regards, -- Thomas Chung http://fedoraproject.org/wiki/ThomasChung