Hello everybody. In case you didn't see, there was a post by Thorsten Leemhuis to the fedora-extras list regarding the creation of a Fedora Extras security response team. The message can be seen here: https://www.redhat.com/archives/fedora-extras-list/2006-April/msg01650.html Here are the people I know have an interest in helping out with the security response team: Hans de Goede Jason L Tibbitts III Dennis Gilmore Jochen Schmitt Ville Skyttä Michael J Knox If you're interested, feel free to chime in. Right now I have a pretty good idea of what's needed to get this project off the ground. We have a mailing list (which would be step one). I need to fix up some CVS space for things like tools and tracking text files. This repository is here: http://cvs.fedora.redhat.com/viewcvs/fedora-security/?root=fedora We will need a package manifest. Basically a file that tells us which packages and versions we're currently shipping in extras. A tool to generate this will also be needed since we'll want to update this file on a regular basis. Given how fast Extras changes I think this will be the easiest way to check if we currently ship package <foo>. An errata template is needed. I'm thinking we should copy the current Fedora Core template for now. We can mangle it as we see fit at a later date. Process needs to be documented on the fedoraproject wiki. Since we don't currently have a process, this is the only thing done :) The most important part of this will be making it easy to specify what we expect of ourselves. I hope to have some time this weekend to clean up the security wiki pages a bit. I think this is enough for now. Questions, Comments? -- JB
