Re: AskFedora: Can someone please answer this question on security fixes on


 



Hi,

Ankur Sinha wrote on Sat, May 16, 2020:
> As subject says:
> https://ask.fedoraproject.org/t/comparing-fedora-centos-security-fix-lag/7117
> 
> (I looked around a bit and couldn't find any documentation on this).

I've tried for a bit (~10 mins) but I really can't get Discourse to let
me reply. It's probably an issue on my end, but since I'm also curious
about it I can give the start of an answer here:

 - First, for opaque security issues, Fedora isn't on the linux-distro list:
https://oss-security.openwall.org/wiki/mailing-lists/distros
This means that Fedora as its own entity does not benefit from advance
warning when such an issue occurs, apparently.
I'm curious about this point; there is a security team[0], so it could be
interesting to get one of them on the list? I'm not following quite
closely enough what they do...
[0] https://fedoraproject.org/wiki/Category:Security_Team?rd=Security_Team

 - However, in practice that does not seem to be much of a problem.
Taking any random recent CVE, e.g. CVE-2020-5260, which was made public on
April 14 2020: it got released April 17 for Debian[1], April 21 for
RHEL7[2] & hitting CentOS on April 29[3], and April 15 for Fedora[4]
(stable on 25th[5]).
I guess it wasn't marked as critical to skip through testing, but overall
this isn't so bad, I guess? The update itself actually got pushed to
Fedora before RHEL customers got it, so anyone with fedora-testing
enabled would have gotten it pretty damn fast.

[1] https://tracker.debian.org/pkg/git (2.20.1-2+deb10u2)
[2] https://access.redhat.com/errata/RHSA-2020:1511
[3] http://mirror.centos.org/centos-7/7/updates/x86_64/Packages/
[4] https://koji.fedoraproject.org/koji/buildinfo?buildID=1493735 (for
f32 but other branches as well)
[5] https://bodhi.fedoraproject.org/updates/FEDORA-2020-c6548b488f


Hope this helps,
-- 
Dominique