Re: Security release criterion proposal

On Thu, 2011-05-19 at 10:00 +0800, Eugene Teo wrote:

> I say, local privilege escalations with publicly available exploits, and
> remotely triggerable vulnerabilities. If such an issue is known before
> Final, we should attempt to address it before releasing.

Note, a release criterion would have a stronger result: you say 'attempt
to address it before releasing', but the effect of a release criterion
is that issues which breach it *must* be fixed before we release; the
release would slip until it was addressed. If you want a weaker effect,
the NTH process (which works off more flexible 'principles' rather than
strict criteria) is appropriate: an NTH bug is one for which we will
break a release freeze to take a fix, but which doesn't block the
release (if a fix isn't ready in time, we still go ahead and release).

Once we have consensus on a release criterion - or not having a release
criterion - I'll make a follow-up proposal for an NTH principle to cover
less serious security issues.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security

