I think we did a pretty good job in responding to CVE-2014-0160, but there's
also room for improvement.
One particular need is the ability to get in touch with owners of core
components, or if they are not available, provenpackagers with particular
security expertise -- and in either case, also _testers_ with a security
background.
Maybe we need to have some sort of (opt-in) Fedora Bat Signal for
extra-critical and urgent security issues in core packages. We would promise
not to use it unless the internet were actually on fire, as it appears to be
in this case, and then have (escrowed somewhere?) private 24/7 contact
information (phone numbers, SMS).
What do you think? Anyone interested in developing this idea further?
--
Matthew Miller -- Fedora Project -- <mattdm@xxxxxxxxxxxxxxxxx>
"Tepid change for the somewhat better!"
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
