Re: infrastructure modest proposal

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 12, 2008 at 1:37 PM, Kevin Martin <kevintm@xxxxxxxxxxxxx> wrote:
> FWIW I have been in the security arena for some time and any security
> patch that hasn't been vetted somehow beforehand has to be considered a
> security risk in and of itself.  While fixing one risk who knows what
> may be introduced if the patch isn't tested...could open up a more
> severe hole than what was being patched.  In good programming practices
> there's NO reason to not go thru the proper SDLC to make sure that
> something isn't going to cause more problems than not.  I understand
> that mistakes are made; we've all made mistakes and will make many more
> before we're done.  But having and following guidelines for testing, qa,
> and then production and making sure that the production environment is
> COMPLETELY cutoff from the testing area (ie: patches MUST be released
> from QA as testing can't even see production) will make sure to keep, in
> this case, this type of issue from cropping up.


I'm not a security expert. If you have a strong case to make about not
rushing security updates through to stable you should probably engage
the Fedora security team about that and get their input and consensus
about making that a policy change proposal.

-jef

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux