On 05/11/2010 03:43 PM, Daniel P. Berrange wrote: > > Do we have a security team who evaluate security issues that are filed > against any package, and who have the privileges to immediately fix the > CVE should the maintainer not be responsive enough wrt the severity of > the security problem ? We shouldn't have security fixes blocked on the > unreponsive maintainer process. Proven packagers obviously have suitable > CVS commit privileges to make the changes, but do any of them actively > monitor for security issues & address them ? > Yes. Security team did monitor and filed the security issue but they don't do commits and builds and there is no team outside of them taking care of these issues. It would be great to take care of this. Rahul -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
