Re: Reminder: Package Maintainers please fix your security bugs!

On 09/05/2018 12:24 PM, Alexander Bokovoy wrote:
> On Wed, 05 Sep 2018, Huzaifa Sidhpurwala wrote:
>> Hi All,
>>
>> This is a gentle reminder for package maintainers to fix security bugs
>> in the packages they maintain. A complete list of open security flaws
>> against Fedora packages is available at:
>>
>> https://red.ht/2wJ8kLS
>>
>> Some documentation about this is also available at:
>> https://fedoraproject.org/wiki/Security:HowtoSecurityBugs
>>
>> Remember as per the new policy, packages which fail to fix security
>> bugs, will eventually be removed from the distribution.
> There seems to be a set of bookkeeping issues with CVE bugzilla filings.
> For example, for zziplib in F27 I closed yesterday a number of CVE
> bugzillas that were not only fixed in February but also were out of
> touch with the current package state across Fedora releases.
> 
> I see a bunch of bugs being opened without really reviewing actual state
> of software in Fedora. Claiming that something is unsupported and has to
> be retired based on those bugs is then highly superficial.
> 

This will definitely not happen. We will not retire packages based on
flaws which are not really flaws.

Trackers are opened by the Product Security team against Fedora packages, by
reviewing mostly the affected NVR etc.; no detailed investigation is
done. If you feel this is not really a bug, feel free to close it.
Package Maintainers know their packages more than anyone else.

The purpose of this whole proposal is not to remove software from
Fedora, but to achieve a state where open security issues are either
addressed or appropriately closed if not affected.

-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx



