On Tuesday 11 May 2010 13:08:53 Rahul Sundaram wrote:
> On 05/11/2010 03:43 PM, Daniel P. Berrange wrote:
> > Do we have a security team who evaluate security issues that are filed
> > against any package, and who have the privileges to immediately fix the
> > CVE should the maintainer not be responsive enough wrt the severity of
> > the security problem ? We shouldn't have security fixes blocked on the
> > unresponsive maintainer process. Proven packagers obviously have suitable
> > CVS commit privileges to make the changes, but do any of them actively
> > monitor for security issues & address them ?
>
> Yes. Security team did monitor and filed the security issue but they
> don't do commits and builds and there is no team outside of them taking
> care of these issues. It would be great to take care of this.

Would be great to have a similar team - I've already done an update for them as
provenpackager (unmaintained orphaned package - mod_auth_shadow) but I wasn't
sure about my responsibilities for this update. Some clarification would be
great (I'm not talking about another policy, just recommended practice).

Jaroslav

> Rahul

--
Jaroslav Řezník <jreznik@xxxxxxxxxx>
Software Engineer - Base Operating Systems Brno

Office: +420 532 294 275
Mobile: +420 602 797 774
Red Hat, Inc. http://cz.redhat.com/