On Tue, Nov 3, 2020 at 12:53 am, Marek Marczykowski-Górecki
<marmarek@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> How are security issues handled in practice in Fedora? Is there an
> active security team to help patch those in a timely manner? Or is it
> the responsibility of individual package maintainers only?

Hi,
Red Hat Product Security is responsible for monitoring CVEs and
reporting bugs when they determine that a CVE affects Fedora. Fixing
the CVEs is the responsibility of individual package maintainers. Many
maintainers respond to bugs expeditiously, but also it's pretty common
for maintainers to ignore the bug reports filed by Product Security.
Sometimes this has unfortunate results. It really differs on a
component-by-component basis.
Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx