Re: Fwd: Fwd: CVE Tracking Bugs


 



Forwarded message from Pete Allor on Fri Sep 30, 2022:
No worries Max.

I think my team is working through Ben and the first parts of adjusting the
backend and our process should be out shortly. We can continue to adjust
to fine-tune to your needs. As we work through this and adjust, if you
have other inputs or desires, feel free to let me know and I will ensure we
address them accordingly.

Best,
Pete

On Fri, Sep 30, 2022 at 6:03 PM Maxwell G <gotmax@e.email> wrote:

> Hi Pete, et al.,
>
> On Fri Sep 16, 2022, Maxwell G via devel wrote:
> > I am forwarding this to the list to keep the community in the
> > loop. I will respond in more detail later.
>
> I apologize for taking so long to actually respond to this. It seems
> this slipped under my radar.
>
> > From: Pete Allor <pallor@xxxxxxxxxx>
> > Date: Tue, 13 Sep 2022 20:49:04 -0400
> > Maxwell,
> > One of my folks pointed this post out to me today. From a ProdSec
> > perspective, you can reach out directly to me.
> >
> > The PSIRT Team and their work on CVEs report up through me, so I will be
> > glad to have a discussion with you and why my folks are not supporting you
> > fully and how to fix that.
> >
> > I think the main thrust you are pointing to is that as the CNA for Fedora,
> > we should not be mixing all Red Hat errata into the Fedora project.
> > Meaning keeping them more separated and distinct. That may not address
> > all concerns, but I think it would be a good starting point to keep the
> > focus correct and distinct, not overload on messages and bring attention to
> > what is critical / important so they are not missed.
>
> Yes, I agree; that would definitely cut down the amount of unactionable
> notifications we get.
>
> The other main issue is the way affected packages are determined.
> Often, CVE bugs are filed against packages that have already been
> patched or that were never affected to begin with.
>
> Thank you again for reaching out, and I apologize for my overly ranty
> initial email!
>
> --
> Maxwell G (@gotmax23)
> Pronouns: He/Him/His
>
>

--
Pete Allor, Director, Red Hat Product Security - Secure Engineering
(m) 1-404-200-4630
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx



