Forwarded message from Pete Allor on Fri Sep 30, 2022: No worries Max. I think my team is working through Ben and the first parts of adjusting the backend and our process should be out shortly. We can continue to adjust to finetune to your needs. As we work through this and adjust, if you have other inputs or desires, feel free to let me know and I will ensure we address them accordingly. Best, Pete On Fri, Sep 30, 2022 at 6:03 PM Maxwell G <gotmax@e.email> wrote: > Hi Pete, et. al, > > On Fri Sep 16, 2022, Maxwell G via devel wrote: > > I am forwarding this to the list to keep the community in the > > loop. I will respond in more detail later. > > I apologize for taking so long to actually respond to this. It seems > this slipped under my radar. > > > From: Pete Allor <pallor@xxxxxxxxxx> > > Date: Tue, 13 Sep 2022 20:49:04 -0400 > > Maxwell, > > One of my folks pointed this post out to me today. From a ProdSec > > perspective, you can reach out directly to me. > > > > The PSIRT Team and their work on CVEs report up through me, so I will be > > glad to have a discussion with you and why my folks are not supporting > you > > fully and how to fix that. > > > > I think the main thrust you are pointing to is that as the CNA for > Fedora, > > we should not be mixing all Red Hat errata into the Fedora project. > > Meaning keeping them more separated and distinct. That may not address > > all concerns, but I think it would be a good starting point to keep the > > focus correct and distinct, not overload on messages and bring attention > to > > what is critical / important so they are not missed. > > Yes, I agree; that would definitely cut down the amount of unactionable > notifications we get. > > The other main issue is the way effected packages are determined. > Often, CVE bugs are filed against packages that have already been > patched or that were never effected to begin with. > > Thank you again for reaching out, and I apologize for my overly ranty > initial email! > > -- > Maxwell G (@gotmax23) > Pronouns: He/Him/His > > -- Pete Allor, Director, Red Hat Product Security - Secure Engineering (m) 1-404-200-4630 _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue