Re: How to contact Fedora Security Team

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 18/08/2024 14.22, Neal Gompa wrote:

On Sun, Aug 18, 2024 at 8:16 AM Andrew Bauer
<zonexpertconsulting@xxxxxxxxxxx> wrote:

I've got a question regarding a new crypto library that falls under this policy:
https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/

Per the documentation, I should contact the Fedora Security Team, but unfortunately the link provided in the documentation is no good:
https://lists.fedoraproject.org/mailman/listinfo/security

This points to a list that no longer exists.  What is a good way to ping this team? Thank you.

The URL is wrong, it is:
https://lists.fedoraproject.org/admin/lists/security.lists.fedoraproject.org/

That said, the list is inactive and the formal security team disbanded
many years ago.

Well, since the XZUtils issue, we started to setup something new, but its not the same, and the scope is different (no SIG with dedicated members itself). So far, we have a #security-sig in discourse as a superordinated tag/SIG for related SIGs and place to start if someone doesn't know where to start with security issues. I set this up with mattdm, siosm and some other contributors. But so far, this is only the #confined-users (sub-)SIG [1] and the yet to be established #incident-resopnse (sub-)SIG . It's less intended as dedicated SIG but as point of coordination and exchange, and with the goal that all can see in Discourse if something is #security-sig (some have subscribed to the tag if something comes up)

That said, the elaborated case here is not yet something where the #security-sig can be useful I think. But using the #security-sig to increase outreach and exchange with other security-relevant SIGs / teams / actors might be kept in mind.

Just to let you know that there is something that can evolve with demand 🙂

[1] https://fedoraproject.org/wiki/SIGs/ConfinedUsers

Best,
Chris


You may want to check the Matrix room, which does have some activity:
https://matrix.to/#/#security:fedoraproject.org




--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux