On Tue, May 11, 2010 at 03:29:53PM +0530, Rahul Sundaram wrote: > On 05/11/2010 03:26 PM, Mamoru Tasaka wrote: > > Xavier responsed to rubygem-json related bug recently: > > https://bugzilla.redhat.com/show_bug.cgi?id=589801 > > > > So I guess trying to re-contact him is better. > > > > And meanwhile leave the unaddressed security issues and prominent bugs > open for more days? I don't think that is a good idea. Do we have a security team who evaluate security issues that are filed against any package, and who have the privileges to immediately fix the CVE should the maintainer not be responsive enough wrt the severity of the security problem ? We shouldn't have security fixes blocked on the unreponsive maintainer process. Proven packagers obviously have suitable CVS commit privileges to make the changes, but do any of them actively monitor for security issues & address them ? Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
