On Tue, Apr 08, 2014 at 08:34:26AM -0500, Major Hayden wrote:
> This is a great idea and would really be valuable in the types of
> situations we had yesterday. I ended up jumping on Twitter/G+ to
> spread the news about package updates. Having a team dedicated to the
> fixing and the communications would help keep people better informed.
>
> With that said, I'd be glad to help. I'm sure we can come up with
> some technologies and processes relatively quickly. Something as
> simple as a call to join #fedora-eoc (emergency operations center)
> might be a good stopgap.

I created https://fedorahosted.org/fesco/ticket/1278 to help track this
idea. It's more a security SIG thing than FESCo, but I think it's
important enough that it deserves tracking somewhere. Copying from that:

We need to have responders for

* coordination (it helps when one person has the "incident lead" baton;
  can be passed around as needed)
* communications (drafting and sending community messages; email, web,
  social media)
* package fixing (ideally package maintainer is security expert, second
  best is package maintainer + security expert, third is security expert
  with provenpackager privileges or assistance from someone who has
  them, or last resort, provenpackager alone)
* quality assurance (again, ideally someone with security expertise to
  advise and coordinate, but fast widespread testing at all levels
  helps)
* release engineering (lots of work getting an update out as an
  exception to normal flow)

and the ability to get at least one person in each role out of bed in
the event of an emergency.

--
Matthew Miller
mattdm@xxxxxxxxxx
<http://mattdm.org/>

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security