Re: Quake3 security issue and non-responsive maintainer: Xavier Lamien

On Tue, May 11, 2010 at 03:29:53PM +0530, Rahul Sundaram wrote:
> On 05/11/2010 03:26 PM, Mamoru Tasaka wrote:
> > Xavier responded to a rubygem-json related bug recently:
> > https://bugzilla.redhat.com/show_bug.cgi?id=589801
> >
> > So I guess trying to re-contact him is better.
> >   
> 
> And meanwhile leave the unaddressed security issues and prominent bugs
> open for more days?  I don't think that is a good idea.

Do we have a security team who evaluate security issues that are filed
against any package, and who have the privileges to immediately fix the
CVE should the maintainer not be responsive enough wrt the severity of
the security problem? We shouldn't have security fixes blocked on the
unresponsive maintainer process. Proven packagers obviously have suitable
CVS commit privileges to make the changes, but do any of them actively
monitor for security issues & address them?

Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
