Re: Developing a security Bat Signal?

Tristan Santore <tristan.santore@xxxxxxxxxxxxxxxxxxxxx> · Tue, 08 Apr 2014 15:09:39 +0100



    On 08/04/14 14:57, Mark Cox wrote:

    > Cant tell if I did reply all on
      my reply.   No need meeting for srt we caught up offline.

      >

      >

      > -----Original Message-----

      > From: Major Hayden [major@xxxxxxxx]

      > Received: Tuesday, 08 Apr 2014, 2:34PM

      > To: security@xxxxxxxxxxxxxxxxxxxxxxx

      > Subject: Re: Developing a security Bat Signal?

      >

      >

    On 4/8/14, 8:11, Matthew Miller wrote:

      > Maybe we need to have some sort of (opt-in) Fedora Bat Signal
      for

      > extra-critical and urgent security issues in core packages.
      We

      > would promise not to use it unless the internet were actually
      on

      > fire, as it appears to be in this case, and then have
      (escrowed

      > somewhere?) private 24/7 contact information (phone numbers,
      SMS).

      
      > What do you think? Anyone interested in developing this idea

      > further?

      
      This is a great idea and would really be valuable in the types of

      situations we had yesterday.  I ended up jumping on Twitter/G+ to

      spread the news about package updates.  Having a team dedicated to
      the

      fixing and the communications would help keep people better
      informed.

      
      With that said, I'd be glad to help.  I'm sure we can come up with

      some technologies and processes relatively quickly.  Something as

      simple as a call to join #fedora-eoc (emergency operations center)

      might be a good stopgap.

      
    > --

      > security mailing list

      > security@xxxxxxxxxxxxxxxxxxxxxxx

      > https://admin.fedoraproject.org/mailman/listinfo/security

      >

      >

      > --

      > security mailing list

      > security@xxxxxxxxxxxxxxxxxxxxxxx

      > https://admin.fedoraproject.org/mailman/listinfo/security

    
    We should be calling it the hat signal though, preferably with three
    distinct colours. Red for RHEL issues. Blue for Fedora. And green,
    purple, orange and blue for CentOS. ;-p

    
    Regards,

    
    Tristan

    
    -- 

    
    Tristan Santore BSc MBCS

    TS4523-RIPE

    Network and Infrastructure Operations

    InterNexusConnect

    Mobile +44-78-55069812

    Tristan.Santore@xxxxxxxxxxxxxxxxxxxxx

    
    Former Thawte Notary

    (Please note: Thawte has closed its WoT programme down,

    and I am therefore no longer able to accredit trust)

    
    For Fedora related issues, please email me at:

    TSantore@xxxxxxxxxxxxxxxxx

    
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security