Re: Reminder: Package Maintainers please fix your security bugs!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 05 Sep 2018, Huzaifa Sidhpurwala wrote:
Hi All,

This is a gentle reminder for package maintainers to fix security bugs
in the packages they maintain. A complete list of open security flaws
against Fedora packages is available at:

https://red.ht/2wJ8kLS

Some documentation about this is also available at:
https://fedoraproject.org/wiki/Security:HowtoSecurityBugs

Remember as per the new policy, packages which fail to fix security
bugs, will eventually be removed from the distribution.
There seems to be a set of bookkeeping issues with CVE bugzilla filings.
For example, for zziplib in F27 I closed yesterday a number of CVE
bugzillas that were not only fixed in February but also were out of
touch with the current package state across Fedora releases.

I see a bunch of bugs being opened without really reviewing actual state
of software in Fedora. Claiming that something is unsupported and has to
be retired based on those bugs is then highly superficial.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux