On Sat, Nov 07, 2009 at 02:44:18PM +0100, Jerome Benoit wrote: > Hello, > > Like all major Linux distro, I really think Fedora should push security > updates information to full disclosure mailing list ... As someone who has spent years spamming Bugtraq & full-disclosure with Gentoo security advisories, I was initially in favor of sending Fedora security notices there. However, in their current state, I don't think that they are useful to many. We have a hard enough time getting package maintainers to enter *anything* about their updates, let alone security-related details such as severity, impact, workarounds, resolution, etc. I think that if we were to do a better job of encouraging/facilitating this, /then/ I would be in favor of spamming other lists. With the Bodhi v2.0 rewrite that I'm currently working on, I'm going to be adding more security tracking features into the core of the platform. I'm hoping to make it not only easier to track security issues, but also announce them in a way that is useful to others. If you're interested in helping to improve our security tracking/update process, we could use the help. luke
Attachment:
pgpnClYvagAbP.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
