On Wed, Apr 09, 2014 at 11:44:12AM +0000, "Jóhann B. Guðmundsson" wrote:
>
> On 04/09/2014 11:35 AM, Matthew Miller wrote:
> > * quality assurance (again, ideally someone with security expertise to
> >   advise and coordinate, but fast widespread testing at all levels helps)
> You can forget including QA in this since maintainers don't provide
> the testing community with test cases so testers can't quickly
> through test cases for the affected package and provide the
> necessary karma.

I would say the _exact opposite_. We need to emphasize building those test
cases so they are there when needed. It's also why I noted that someone with
security expertise is helpful -- they can provide guidance on what to check.
Since each security vulnerability is different, that's probably always going
to be valuable. But you are right that having more test cases in advance
would help our ability to respond quickly.

--
Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/>