Re: Making Fedora secure - Package exit policy for security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/31/2018 08:33 PM, Rex Dieter wrote:

>> 1. If a CRITICAL or IMPORTANT security issue is open against a package
>> in Fedora-X and by the time X is EOL and the issue is not addressed,
>> proactively remove the package from X+1
>> 2. If a MODERATE or LOW security issue is open against a package in
>> Fedora -X and by the time X+! is EOL, the issue is not addressed, remove
>> it from X+2
> 
> I don't think this is practical, we'll lose half the distro (are at least 
> large chunks).
> 
> Initially, such a proposal may be possible if generally limited to leaf 
> packages.
> 

So, i did some analysis of the number of packages which would be
actually removed if we allowed this policy. I generated a list of open
CVE bugs against X-2 which in this case is Fedora-26 and i got the
following list:

https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=SecurityTracking%2C%20&keywords_type=allwords&list_id=9198136&product=Fedora&query_format=advanced&version=26

If you extract the list of components ,it yields 57 unique components.
out of that components like xorg-server etc would probably be in the
critical list.

So overall, i dont think its a big problem imo. Theoretically if there
is an FTBS, the maintainer would definitely want to do something to fix
this. Maybe a lot of these bugs are not really applicable or a rebase
already fixed them, so all that is required is to close the bug with an
approproate explanation.




-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/7X4LIFJD7NTJN4A4Z3JYJPI43SBL7RGA/




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux