With the release of FC5test1 we've done an audit of possible (known,
public) vulnerabilities from 20030101 to date that are in packages part
of FC5test1.
May I assume this has not been done for packages in Extras ?
A quick scan of
<http://cvs.fedora.redhat.com/viewcvs/*checkout*/fedora-security/audit/
fc5?root=fedora>
produced no packages in Extras.
I could not find a reference to a security/patch/errata policy relating
to Extras at
<http://fedoraproject.org/wiki/Extras>
Errata for Extras packages is driven by the ( non-RH ) community and
the package owner, not by the RH security team?
This is OK, but it means that I ( as a community member ) will need
make more of an effort to stay on top of security issues in an Extras
package on my systems. I can rely on established infrastructure to stay
on top of those issues for packages in Core. Extras packages will seem
a bit more like applications installed via tarball, or self-packaged.
Charles Dostale
System Admin - Silver Oaks Communications
http://www.silveroaks.com/
824 17th Street, Moline IL 61265
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
