On Sat, 2006-04-01 at 23:55 -0600, Robert 'Bob' Jensen wrote: > Is there a current web space that users can look for security issues > that may apply to them? If not is this something that should be created > and maintained by the community at large? If it does how can we promote > this resource so users are aware can do research and can make wise > choices? Well, we get many security announcements to f-announce-l. It seems like an extra burden for us to track down and highlight security risks for applications not in Core or Extras; hard to know where to draw the line, and people are always going to think we drew it too far or not far enough. It might be cool if we could get security announcements to all magically appear on a page ... or in a searchable database ... and that would cover us for everything in Core and Extras thoroughly. We could link to external lists of non-FC/FE vulnerabilities for packages in third-party repos. FedoraNews.org and other news/planet sites might be a good place to draw attention to a vulnerability that is outside of the normal FC/FE-sphere but many users may have installed. For example, if there were a vulnerability in XMMS's MP3 plug-in, we would be remiss if no one announced it because it has the evil MP3 word in it. - Karsten -- Karsten Wade, RHCE * Sr. Editor * http://people.redhat.com/kwade/ gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41 Fedora Documentation Project http://fedoraproject.org/wiki/DocsProject Learn. Network. Experience open source. Red Hat Summit Nashville | May 30 - June 2, 2006 Learn more: http://www.redhat.com/promo/summit/
Attachment:
signature.asc
Description: This is a digitally signed message part
