On Wed, 05 Sep 2018, Huzaifa Sidhpurwala wrote:
> Hi All,
>
> This is a gentle reminder for package maintainers to fix security bugs in the packages they maintain. A complete list of open security flaws against Fedora packages is available at:
> https://red.ht/2wJ8kLS
>
> Some documentation about this is also available at:
> https://fedoraproject.org/wiki/Security:HowtoSecurityBugs
>
> Remember, as per the new policy, packages which fail to fix security bugs will eventually be removed from the distribution.

There seems to be a set of bookkeeping issues with CVE bugzilla filings. For example, for zziplib in F27, I closed yesterday a number of CVE bugzillas that were not only fixed in February but were also out of touch with the current package state across Fedora releases.

I see a bunch of bugs being opened without really reviewing the actual state of software in Fedora. Claiming that something is unsupported and has to be retired based on those bugs is then highly superficial.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland