Hello,
2017-04-18 21:36 GMT+02:00 David Eisenstein <deisenstein@xxxxxxx>:
Digging around, I am not seeing much presence for security? The mailling-list archive shows no activity on the security-team@lists.fedoraproject.org mailing list at all since last October? And no team meetings?
Sounds about right; security-relevant discussions, if any, happen on the global fedora-devel list, but there is not an all-encompassing Fedora security group with regular meetings to my knowledge.
Just who/how are security vulnerabilities handled in Fedora now?
By the individual package maintainers; I think this was always their primary responsibility. Red Hat’s security team may Fedora bugs for vulnerabilities they are tracking (this is certainly happening for some packages), I don’t know whether there is any formal commitment, and I would not expect this tracking to be done for the whole universe of Fedora packagers.
Either way, developing and publishing the fix is the responsibility of the individual package maintainers.
Mirek_______________________________________________ security mailing list -- security@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to security-leave@xxxxxxxxxxxxxxxxxxxxxxx
