On Tue, Jan 16, 2007 at 09:19:07AM -0500, Josh Bressers wrote:
> The biggest missing puzzle piece is the lack of tools. I'm currently working
> on some tools to more easily track CVE ids via a clever bugzilla interface. I
> have some notes on how I plan to do this elsewhere. I can post them at a
> later date if anyone is interested. The bigger tool I'm looking for is the
> package release tool. It's likely that the security team will want to view
> the text of all security updates and edit it if needed. I've mailed lmacken
> requesting this ability, he has informed me that the functionality is there.
> I'm of the impression that as long as the team has the right tools, we can
> operate very efficiently and handle the current inflow of issues.

I'd be interested in seeing the details of your Bugzilla CVE tracking.

The new package updating system, bodhi[0], currently keeps track of all
Bugzillas and CVEs in their own tables. Upon adding an update, the system
grabs the bugs and checks them for a 'Security' keyword, and changes the
type of the update accordingly. All of this fun stuff can be found in the
model[1].

The 'New Update' form currently has an embargo field; can this safely be
removed?

I also would like to completely revamp the current update notifications,
mainly to include references such as Bugs, CVEs, and maybe security impact
and such if available?

luke

[0]: https://hosted.fedoraproject.org/projects/bodhi/
     (I have yet to migrate the stuff on the UpdatesSystem wiki[2] here yet)
[1]: https://hosted.fedoraproject.org/projects/bodhi/browser/bodhi/model.py
[2]: http://fedoraproject.org/wiki/Infrastructure/UpdatesSystem